You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 20
Next »
While using SAML SSO to log into the system, the SAML response can be interpreted to change the default behavior to make the user log into a specific company/partner in a specific role. Adeptia Connect allows you to do this by implementing a custom class to read and authenticate the user information. You need to define a new Java class and place that in the customClasses folder.
This option lets you:
- Access custom attributes and relay state information present in the SAML response
- Provide a specific company/partner and also a specific role for logged in user
- Provide a redirect URL to which user will be redirected after successful login
Follow the steps below to create the custom class:
Create a new Java class that implements the below interface.
SAML SSO Authentication Interface
package com.adeptia.indigo.security.saml;
import java.util.Map;
import org.springframework.security.core.Authentication;
/**
* This interface provides the ability to define a custom implementation for
* providing the authenticated user information.
*
* The contract accepts the Authentication Object as an input which contains all
* the information of authenticated user received as a part of SAML response.
* The output delivered is the User's attributes and Target URL.
*
* @author Ranjit
*
*/
public interface SAMLSSOAuthenticationUserDetails {
/**
* Prepare the {@link SubjectInfo} for the authenticated User
*
* @param authentication
* Represents the token for an authentication request or for an
* authenticated principal
*
* @return The authenticated Subject attributes : user, Group, associated
* partner and associated role
*
*/
public SubjectInfo getSubjectInfo(Authentication authentication);
/**
* The URL the SP should redirect the user once the SSO completes.
*
* Generally the relay state present into SAML message specify the URL to which
* the user is to be redirected.
*
* @param authentication
* Represents the token for an authentication request or for an
* authenticated principal
*
* @return the relative URL fragment identifier( value after hash #) or the
* complete absolute URL. The value assumed to be absolute URL if it
* starts with http:// or https://, otherwise the value is considered as
* Fragment identifier.
*/
public String getRedirectUrl(Authentication authentication);
/**
* The user attributes received as a part of SAML assertions.
*
* The user attributes Map to be returned should have Keys in String format and
* values as Serializable objects.
*
* @param authentication
* Represents the token for an authentication request or for an
* authenticated principal
*
* @return the user attributes Map
*/
public Map<String, String> getAttributes(Authentication authentication);
}
Expand 'SAML User Details IMPL' for an example of implementation class:
SAML User Details IMPL
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.opensaml.saml2.core.Attribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SAMLCredential;
import com.adeptia.indigo.security.AuthUtil;
import com.adeptia.indigo.security.IndigoGroup;
import com.adeptia.indigo.security.IndigoUser;
import com.adeptia.indigo.security.saml.SAMLSSOAuthenticationUserDetails;
import com.adeptia.indigo.security.saml.SubjectInfo;
public class SAMLUserDetailsImpl implements SAMLSSOAuthenticationUserDetails{
@SuppressWarnings("unchecked")
@Override
public SubjectInfo getSubjectInfo(Authentication authentication) {
SubjectInfo subjectInfo = new SubjectInfo();
subjectInfo.setUser(user);
subjectInfo.setGroupId(group);
subjectInfo.setPartner(partnerName);
subjectInfo.setRole(roleName);
return subjectInfo;
}
@Override
public String getRedirectUrl(Authentication authentication) {
return "home";
}
@Override
public Map<String, String> getAttributes(Authentication authentication) {
SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
Map<String, String> userAttributesMap = new HashMap<>();
userAttributesMap.put("RelayState", credential.getRelayState());
List<Attribute> userAttributes = credential.getAttributes();
for (Attribute attribute : userAttributes) {
String name = attribute.getName();
userAttributesMap.put(name, credential.getAttributeAsString(name));
}
return userAttributesMap;
}
}
Compile the above class and place it in customClasses folder.
Go to …<ConnectServerInstallFolder>\AdeptiaServer\ServerKernel\etc location.
Open applicationConfig.xml file.
Search for bean id 'samlSSOAuthenticationUserDetails' in the xml file.
Update the class value with your own custom class name.