
Custom SAML SSO login lets you decide the user, the applicable role, and the URL to which the user is redirected after login. You do this by implementing an interface with a custom class that derives this information from the authenticated SAML user.

To use this option, define a new Java class and place it in the customClasses\custom\beans folder. The class supplies the custom implementation that provides the user role and the redirect URL.

Ideally, the AD groups are also passed within the SAML assertion; each AD group is translated to an Adeptia role, and the user is signed in with the appropriate roles. The expected use case is:

  1. The user types in the login URL.
  2. The SAML provider intercepts the URL, generates a SAML assertion, and does an HTTP POST to the Adeptia portal.
  3. Within the SAML assertion, the email ID and the AD groups pertaining to Adeptia are passed along.
  4. Adeptia takes the AD groups from the SAML assertion, translates them to Adeptia roles, and signs the user in to the application with the appropriate roles. This way the roles are managed within Active Directory rather than within the Adeptia application.

  1. Before generating an access token for the user (for the SAML SSO interaction), Adeptia provides the ability to define a custom implementation that supplies the user role and redirect URL.
  2. As part of the solution implementation, MM needs to provide an implementer class that maps the customer's user attributes to a role and a redirect URL. The contract for this class is the interface shown in step 1 below.

Follow the steps below to create the custom class:

  1. Create a new Java class that implements the interface shown below.

    This interface provides the ability to define a custom implementation for providing the authenticated user information.

    SAML SSO Authentication
    package com.adeptia.indigo.security.saml;
    
    import java.util.Map;
    
    import org.springframework.security.core.Authentication;
    
    /**
     * This interface provides the ability to define a custom implementation for
     * providing the authenticated user information.
     * 
     * The contract accepts the Authentication Object as an input which contains all
     * the information of authenticated user received as a part of SAML response.
     * The output delivered is the User's attributes and Target URL.
     * 
     * @author Ranjit
     *
     */
    public interface SAMLSSOAuthenticationUserDetails {
    
    	/**
    	 * Prepare the {@link SubjectInfo} for the authenticated User
    	 * 
    	 * @param authentication
    	 *            Represents the token for an authentication request or for an
    	 *            authenticated principal
    	 * 
    	 * @return The authenticated Subject attributes : user, Group, associated
    	 *         partner and associated role
    	 * 
    	 */
    	public SubjectInfo getSubjectInfo(Authentication authentication);
    
    	/**
    	 * The URL the SP should redirect the user once the SSO completes.
    	 * 
    	 * Generally the relay state present into SAML message specify the URL to which
    	 * the user is to be redirected.
    	 * 
    	 * @param authentication
    	 *            Represents the token for an authentication request or for an
    	 *            authenticated principal
    	 * 
    	 * @return the relative URL fragment identifier( value after hash #) or the
    	 *         complete absolute URL. The value assumed to be absolute URL if it
    	 *         starts with http:// or https://, otherwise the value is considered as
    	 *         Fragment identifier.
    	 */
    	public String getRedirectUrl(Authentication authentication);
    
    	/**
    	 * The user attributes received as a part of SAML assertions.
    	 * 
    	 * The user attributes Map to be returned should have Keys in String format and
    	 * values as Serializable objects.
    	 * 
    	 * @param authentication
    	 *            Represents the token for an authentication request or for an
    	 *            authenticated principal
    	 * 
    	 * @return the user attributes Map
    	 */
    	public Map<String, String> getAttributes(Authentication authentication);
    
    }
  2. Compile your implementation class and place it in the customClasses\custom\beans folder.

  3. Go to the …<ConnectServerInstallFolder>\AdeptiaServer\ServerKernel\etc folder.

    1. Open applicationConfig.xml file.

    2. Search for the bean with id 'samlSSOAuthenticationUserDetails' in the XML file.

    3. Update that bean's class value with the fully qualified name of your custom class.

    Restart the Adeptia services for the change to take effect.
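The class below is an added example, not code from this page or from Adeptia, showing one way to implement the interface from step 1 for the AD-group use case described above: it reads the group attribute from the assertion, maps it to exactly one Adeptia role (failing closed when no group is mapped), and validates the relay state before using it as the redirect so that a tampered relay state cannot turn SSO into an open redirect. It assumes that the credential object on the Authentication is Spring Security SAML's SAMLCredential, that SubjectInfo exposes setUser and setRole setters (the page names the attributes but shows no setters), and that the attribute names, group DNs, allowed host, and package name are placeholders to replace with your IdP's and deployment's values.

```java
package custom.beans; // assumed package; the compiled class goes under customClasses\custom\beans

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SAMLCredential; // assumption: Spring Security SAML extension credential

import com.adeptia.indigo.security.saml.SAMLSSOAuthenticationUserDetails;
import com.adeptia.indigo.security.saml.SubjectInfo;

/** Example implementation mapping AD groups in the SAML assertion to an Adeptia role. */
public class AdGroupRoleUserDetails implements SAMLSSOAuthenticationUserDetails {

    /** Assumed SAML attribute names; use the names your IdP actually emits. */
    static final String EMAIL_ATTR = "email";
    static final String GROUPS_ATTR = "memberOf";

    /** Constructed mapping: AD group DN -> Adeptia role, ordered most privileged first. */
    static final Map<String, String> GROUP_TO_ROLE;
    /** Constructed allowlist of hosts an absolute relay-state URL may redirect to. */
    static final Set<String> ALLOWED_REDIRECT_HOSTS;
    static final String DEFAULT_REDIRECT = "#/dashboard"; // fragment identifier, per the contract

    static {
        Map<String, String> m = new LinkedHashMap<>();
        m.put("CN=Adeptia-Admins,OU=Groups,DC=example,DC=com", "Administrator");
        m.put("CN=Adeptia-Developers,OU=Groups,DC=example,DC=com", "Developer");
        m.put("CN=Adeptia-Users,OU=Groups,DC=example,DC=com", "Business User");
        GROUP_TO_ROLE = Collections.unmodifiableMap(m);
        ALLOWED_REDIRECT_HOSTS = Collections.singleton("connect.example.com");
    }

    /** Pick the first (most privileged) mapped role the user's groups contain; null if none. */
    static String resolveRole(String[] groups) {
        if (groups == null) {
            return null;
        }
        Set<String> membership = new HashSet<>(Arrays.asList(groups));
        for (Map.Entry<String, String> e : GROUP_TO_ROLE.entrySet()) {
            if (membership.contains(e.getKey())) {
                return e.getValue();
            }
        }
        return null;
    }

    /**
     * Accept the relay state only as a fragment identifier or as an absolute https URL
     * on an allowed host; anything else (other schemes, scheme-relative "//host", user
     * info in the authority, unknown hosts) falls back to DEFAULT_REDIRECT.
     */
    static String safeRedirect(String relayState) {
        if (relayState == null || relayState.isEmpty()) {
            return DEFAULT_REDIRECT;
        }
        if (relayState.startsWith("#")) {
            return relayState;
        }
        try {
            URI uri = new URI(relayState);
            if ("https".equalsIgnoreCase(uri.getScheme())
                    && uri.getHost() != null
                    && uri.getUserInfo() == null
                    && ALLOWED_REDIRECT_HOSTS.contains(uri.getHost().toLowerCase())) {
                return relayState;
            }
        } catch (URISyntaxException ignored) {
            // malformed relay state: use the default below
        }
        return DEFAULT_REDIRECT;
    }

    private static SAMLCredential credential(Authentication authentication) {
        Object creds = authentication.getCredentials();
        if (!(creds instanceof SAMLCredential)) {
            throw new IllegalStateException("Authentication does not carry a SAMLCredential");
        }
        return (SAMLCredential) creds;
    }

    @Override
    public SubjectInfo getSubjectInfo(Authentication authentication) {
        SAMLCredential cred = credential(authentication);
        String email = cred.getAttributeAsString(EMAIL_ATTR);
        if (email == null) {
            email = authentication.getName(); // fall back to the subject NameID
        }
        String role = resolveRole(cred.getAttributeAsStringArray(GROUPS_ATTR));
        if (role == null) {
            // Fail closed: an assertion with no mapped group must not sign anyone in.
            throw new IllegalStateException("No Adeptia role mapped for user " + email);
        }
        SubjectInfo info = new SubjectInfo(); // assumed no-arg constructor and setters
        info.setUser(email);
        info.setRole(role);
        return info;
    }

    @Override
    public String getRedirectUrl(Authentication authentication) {
        return safeRedirect(credential(authentication).getRelayState());
    }

    @Override
    public Map<String, String> getAttributes(Authentication authentication) {
        SAMLCredential cred = credential(authentication);
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("email", cred.getAttributeAsString(EMAIL_ATTR));
        String role = resolveRole(cred.getAttributeAsStringArray(GROUPS_ATTR));
        if (role != null) {
            attrs.put("role", role);
        }
        return attrs;
    }
}
```

With this class compiled into customClasses\custom\beans, the bean with id 'samlSSOAuthenticationUserDetails' in applicationConfig.xml would point at custom.beans.AdGroupRoleUserDetails. Two design choices matter for security: the group-to-role map is ordered so a user in several groups gets one deterministic role, and an assertion that matches no mapped group is rejected rather than silently given a default role; the redirect check treats the relay state as untrusted input, since it travels through the browser and the contract accepts any absolute http:// or https:// value.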
