When users log in through SAML SSO, the SAML response can be interpreted to override the default behaviour and log the user in to a specific company/partner in a specific role. Adeptia Connect supports this through a custom class that reads and authenticates the user information. You define a new Java class and place it in the customClasses folder.
This option lets you:
- Assign the logged-in user to a specific company/partner and a specific role
- Provide a redirect URL to which the user is sent after a successful login
- Access custom attributes and the RelayState present in the SAML response
Follow the steps below to create the custom class:
Create a new Java class that implements the SAMLSSOAuthenticationUserDetails interface.
This interface lets you supply your own implementation for providing the authenticated user's details. Note that by the time your class runs, the SAML layer has already validated the response, so attribute values taken from the assertion reflect what the IdP asserted; the RelayState, however, is not part of the signed assertion and should be treated as untrusted client input (do not derive partner or role from it, and validate any redirect built from it). An example implementation class is given below:
```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.opensaml.saml2.core.Attribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SAMLCredential;

import com.adeptia.indigo.security.AuthUtil;
import com.adeptia.indigo.security.IndigoGroup;
import com.adeptia.indigo.security.IndigoUser;
import com.adeptia.indigo.security.saml.SAMLSSOAuthenticationUserDetails;
import com.adeptia.indigo.security.saml.SubjectInfo;

public class SAMLUserDetailsImpl implements SAMLSSOAuthenticationUserDetails {

    /**
     * Decides which user, group, partner and role the authenticated SAML
     * subject is logged in as. The SAML response has already been validated
     * by the SAML layer when this method is called.
     */
    @SuppressWarnings("unchecked")
    @Override
    public SubjectInfo getSubjectInfo(Authentication authentication) {
        // user, group, partnerName and roleName are placeholders in this example:
        // populate them from the SAMLCredential (NameID and attribute values, as
        // collected in getAttributes below) according to your own mapping rules.
        SubjectInfo subjectInfo = new SubjectInfo();
        subjectInfo.setUser(user);
        subjectInfo.setGroupId(group);
        subjectInfo.setPartner(partnerName);
        subjectInfo.setRole(roleName);
        return subjectInfo;
    }

    /** Page the user is redirected to after a successful login. */
    @Override
    public String getRedirectUrl(Authentication authentication) {
        return "home";
    }

    /**
     * Collects the RelayState and every attribute of the SAML assertion into a
     * name -> value map. getAttributeAsString returns only the first value of a
     * multi-valued attribute.
     */
    @Override
    public Map<String, String> getAttributes(Authentication authentication) {
        SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
        Map<String, String> userAttributesMap = new HashMap<>();
        // RelayState travels outside the signed assertion: treat it as untrusted input.
        userAttributesMap.put("RelayState", credential.getRelayState());
        List<Attribute> userAttributes = credential.getAttributes();
        for (Attribute attribute : userAttributes) {
            String name = attribute.getName();
            userAttributesMap.put(name, credential.getAttributeAsString(name));
        }
        return userAttributesMap;
    }
}
```
Compile the above class and place the compiled class in the customClasses folder.
Go to the …<ConnectServerInstallFolder>\AdeptiaServer\ServerKernel\etc location.
Open the applicationConfig.xml file.
Search for the bean with id 'samlSSOAuthenticationUserDetails' in the XML file.
Update that bean's class value with the fully qualified name of your custom class.
Restart the Adeptia services to bring the changes into effect.
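The custom class above decides the partner, role and landing page for every federated user, so the mapping it applies is an authorization decision. The following is an added example, not Adeptia's code and not part of the page above: a plain-Java helper that such a class can call from getSubjectInfo() and getRedirectUrl() with the map built in getAttributes(). It resolves partner and role only through explicit allowlists and refuses a RelayState that is not a same-origin relative path. The class name SamlClaimMapper, the attribute names partner and memberOf, and the partner and role names are assumptions; adjust them to what your IdP releases and to the partners and roles configured in your deployment.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Hypothetical helper (not part of Adeptia Connect) that a
 * SAMLSSOAuthenticationUserDetails implementation calls with the map built in
 * getAttributes(). Everything it returns is checked against an allowlist, so an
 * unexpected attribute value can never grant a role, a partner or a redirect.
 */
public final class SamlClaimMapper {

    // Assumed attribute names; match them to the attribute statement your IdP releases.
    static final String PARTNER_ATTR = "partner";
    static final String GROUP_ATTR = "memberOf";
    static final String RELAY_STATE_KEY = "RelayState";
    static final String DEFAULT_REDIRECT = "home";

    // Allowlist of partners a federated user may be logged into (illustrative names).
    private static final Set<String> KNOWN_PARTNERS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("AcmeCorp", "Globex")));

    // Allowlist mapping IdP group values to role names (illustrative names).
    private static final Map<String, String> ROLE_BY_GROUP;
    static {
        Map<String, String> m = new HashMap<>();
        m.put("adeptia-partner-admins", "Partner Admin");
        m.put("adeptia-partner-users", "Partner User");
        ROLE_BY_GROUP = Collections.unmodifiableMap(m);
    }

    // Only a same-origin relative path is accepted as a post-login target.
    private static final Pattern SAFE_RELATIVE_PATH = Pattern.compile("^/[A-Za-z0-9._~/-]*$");

    private SamlClaimMapper() {}

    /** Partner from the signed assertion, or empty if absent or not on the allowlist. */
    public static Optional<String> resolvePartner(Map<String, String> attrs) {
        String partner = attrs.get(PARTNER_ATTR);
        return partner != null && KNOWN_PARTNERS.contains(partner)
                ? Optional.of(partner) : Optional.empty();
    }

    /** Role mapped from the group attribute, or empty if the group is unknown. */
    public static Optional<String> resolveRole(Map<String, String> attrs) {
        return Optional.ofNullable(attrs.get(GROUP_ATTR)).map(ROLE_BY_GROUP::get);
    }

    /**
     * Post-login redirect. RelayState is supplied by the client and is not covered by
     * the assertion signature, so absolute and protocol-relative URLs are rejected and
     * the default page is used instead (this closes an open redirect after SSO).
     */
    public static String safeRedirect(Map<String, String> attrs) {
        String relayState = attrs.get(RELAY_STATE_KEY);
        if (relayState == null || relayState.startsWith("//")
                || !SAFE_RELATIVE_PATH.matcher(relayState).matches()) {
            return DEFAULT_REDIRECT;
        }
        return relayState;
    }

    public static void main(String[] args) {
        // Constructed sample input shaped like the map getAttributes() returns.
        Map<String, String> attrs = new HashMap<>();
        attrs.put(PARTNER_ATTR, "AcmeCorp");
        attrs.put(GROUP_ATTR, "adeptia-partner-admins");
        attrs.put(RELAY_STATE_KEY, "https://evil.example/phish");

        System.out.println("partner  = " + resolvePartner(attrs));
        System.out.println("role     = " + resolveRole(attrs));
        System.out.println("redirect = " + safeRedirect(attrs));

        // A partner the deployment does not know yields no login target at all.
        attrs.put(PARTNER_ATTR, "Unknown Inc");
        System.out.println("partner  = " + resolvePartner(attrs));

        // A protocol-relative RelayState is still rejected; a plain path is accepted.
        attrs.put(RELAY_STATE_KEY, "//evil.example/");
        System.out.println("redirect = " + safeRedirect(attrs));
        attrs.put(RELAY_STATE_KEY, "/partner/dashboard");
        System.out.println("redirect = " + safeRedirect(attrs));
    }
}
```

Compile and run it stand-alone with `javac SamlClaimMapper.java && java SamlClaimMapper`. Inside the custom class, getSubjectInfo() would call resolvePartner() and resolveRole() on the result of getAttributes(authentication) and fail the login when either is empty, rather than falling back to a default partner or role; getRedirectUrl() would return safeRedirect(getAttributes(authentication)) if you want RelayState to choose the landing page at all.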