[midPoint] midPoint SSO with SAML

Katka Valalikova katka.valalikova at evolveum.com
Wed Jan 18 14:39:04 CET 2017



Hi Nicolas, 




I think no one has tried it before. I implemented support for CAS and LDAP authentication, both using Spring Security (CAS, LDAP) libs. My experience is that it is enough to follow the Spring tutorials and then just implement the method for the specific user details service. After a quick look into the Spring Security SAML implementation, I guess that you will need to implement loadUserBySAML from the SAMLUserDetailsService interface. Just add it to the UserProfileServiceImpl, something like this:




public class UserProfileServiceImpl implements UserProfileService, UserDetailsService, UserDetailsContextMapper, SAMLUserDetailsService {

    ....

    @Override
    public UserDetails loadUserBySAML(SAMLCredential credential) {
        try {
            // load name attribute for SAML assertion, I don't know the exact format..
            return getPrincipal(credential.getAttributeAsString("assertion/subject/NameID"));
        } catch (ObjectNotFoundException e) {
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

}




I didn't try it, I'm just guessing. If you try it and are successful, your contribution is more than welcome.





Best regards, 

Katarina Valalikova 
Java Developer 
evolveum.com 

----- Original Message -----

From: "Nicolas Rossi" <nrossi at identicum.com> 
To: "midPoint General Discussion" <midpoint at lists.evolveum.com> 
Sent: Friday, December 30, 2016 1:49:29 PM 
Subject: [midPoint] midPoint SSO with SAML 

Hi guys, I'm just wondering if I can configure SSO in midPoint with SAML. I read on the wiki ( https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO ) that the security layer is based on Spring Security and it supports SAML ( http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html ). Has anyone tried it before?

Kind regards and happy new year!


Ing Nicolás Rossi 
Identicum S.A. 
Jorge Newbery 3226 
Tel: +54 (11) 4552-3050 
www.identicum.com 
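
An implementation of the loadUserBySAML approach suggested in the reply above, added here as an example; it is not part of the original messages and is not midPoint's code. It assumes Spring Security SAML 1.0.x (OpenSAML 2), reads the subject through SAMLCredential.getNameID() and rejects the login when the NameID is missing or unknown; SamlNameIdUserDetailsService and PrincipalLookup are hypothetical names standing in for midPoint's own user lookup.

```java
import org.opensaml.saml2.core.NameID;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

/** Hypothetical class: maps the SAML subject NameID to a local account. */
public class SamlNameIdUserDetailsService implements SAMLUserDetailsService {

    /** Hypothetical stand-in for the application's own user lookup. */
    public interface PrincipalLookup {
        /** Returns the local account, or null when no such user exists. */
        UserDetails findByUsername(String username);
    }

    private final PrincipalLookup lookup;

    public SamlNameIdUserDetailsService(PrincipalLookup lookup) {
        this.lookup = lookup;
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        // The subject NameID is exposed directly on the credential; it is not
        // one of the attributes returned by getAttributeAsString().
        NameID nameId = credential.getNameID();
        String username = (nameId == null) ? null : nameId.getValue();

        // Fail closed: an assertion without a usable subject must never fall
        // through to a default or anonymous principal.
        if (username == null || username.trim().isEmpty()) {
            throw new UsernameNotFoundException("SAML assertion carries no usable NameID");
        }

        UserDetails user = lookup.findByUsername(username.trim());
        if (user == null) {
            // Keep the message generic so a failed login does not reveal
            // which subjects exist locally.
            throw new UsernameNotFoundException("No local account for SAML subject");
        }
        return user;
    }
}
```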
