[midPoint] midPoint SSO with SAML

Nicolas Rossi nrossi at identicum.com
Wed Jan 18 14:53:05 CET 2017


Hi Katarina, thank you for your help. I'll do some tests on our environment
and if it works I'll share it with the community.

Best regards,



Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com

On Wed, Jan 18, 2017 at 10:39 AM, Katka Valalikova <
katka.valalikova at evolveum.com> wrote:

> Hi Nicolas,
>
>
> I think no one has tried it before. I implemented support for CAS and LDAP
> authentication, both using Spring Security (CAS, LDAP) libs. My experience
> is that it is enough to follow the Spring tutorials and then just implement
> the method for the specific user details service. After a quick look into the
> Spring Security SAML implementation I guess that you will need to
> implement loadUserBySAML from the SAMLUserDetailsService interface. Just add it
> to the UserProfileServiceImpl, something like this:
>
>
> public class UserProfileServiceImpl implements UserProfileService,
>         UserDetailsService, UserDetailsContextMapper, SAMLUserDetailsService {
>
>     ....
>
>     @Override
>     public UserDetails loadUserBySAML(SAMLCredential credential) {
>         try {
>             // load name attribute for SAML assertion, I don't know the exact format..
>             return getPrincipal(credential.getAttributeAsString("assertion/subject/NameID"));
>         } catch (ObjectNotFoundException e) {
>             throw new UsernameNotFoundException(e.getMessage(), e);
>         }
>     }
>
> }
>
>
> I didn't try it, I'm just guessing. If you try it and are successful,
> your contribution is more than welcome.
>
>
> Best regards,
>
> Katarina Valalikova
> Java Developer
> evolveum.com
>
> ------------------------------
> *From: *"Nicolas Rossi" <nrossi at identicum.com>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Sent: *Friday, December 30, 2016 1:49:29 PM
> *Subject: *[midPoint] midPoint SSO with SAML
>
>
> Hi guys, I'm just wondering if I can configure SSO in midPoint with SAML. I
> read on the wiki (https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO)
> that the security layer is based on Spring Security and it supports SAML
> (http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html).
> Has anyone tried it before?
>
> Kind regards and happy new year !
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> www.identicum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
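
An added example, not part of the original thread and not midPoint code: a stand-alone SAMLUserDetailsService for the Spring Security SAML extension (1.x, with OpenSAML 2 on the classpath, which is an assumption) that reads the subject through SAMLCredential.getNameID() and fails closed when the subject cannot be resolved. The class name, the trusted IdP entity ID and the principalLookup function are hypothetical; in midPoint the lookup role would be played by the getPrincipal(...) call quoted above.

```java
import java.util.function.Function;

import org.opensaml.saml2.core.NameID;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

/**
 * Added example, not midPoint code. Maps an already validated SAML
 * assertion to a local account and rejects anything it cannot resolve.
 */
public class NameIdUserDetailsService implements SAMLUserDetailsService {

    // Hypothetical: the single IdP entity ID this deployment trusts.
    private final String trustedIdpEntityId;
    // Hypothetical lookup by user name; returns null when no account exists.
    private final Function<String, UserDetails> principalLookup;

    public NameIdUserDetailsService(String trustedIdpEntityId,
                                    Function<String, UserDetails> principalLookup) {
        this.trustedIdpEntityId = trustedIdpEntityId;
        this.principalLookup = principalLookup;
    }

    @Override
    public UserDetails loadUserBySAML(SAMLCredential credential) {
        // Only accept subjects asserted by the expected identity provider.
        if (!trustedIdpEntityId.equals(credential.getRemoteEntityID())) {
            throw new UsernameNotFoundException("Assertion from unexpected IdP");
        }
        // The subject NameID has its own accessor; it is not an attribute.
        NameID nameId = credential.getNameID();
        if (nameId == null || nameId.getValue() == null
                || nameId.getValue().trim().isEmpty()) {
            throw new UsernameNotFoundException("Assertion carries no NameID");
        }
        UserDetails principal = principalLookup.apply(nameId.getValue().trim());
        if (principal == null) {
            // No implicit account creation: unknown subjects are rejected.
            throw new UsernameNotFoundException("No local user for SAML subject");
        }
        return principal;
    }
}
```
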