<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>
<p style="margin: 0px;">Hi Nicolas,</p>
<p style="margin: 0px;"><br></p>
<p style="margin: 0px;">I think no one has tried it before. I implemented support for CAS and LDAP authentication, both using the Spring Security (CAS, LDAP) libs. My experience is that it is enough to follow the Spring tutorials and then just implement the method for the specific user details service. After a quick look into the Spring Security SAML implementation, I guess that you will need to implement loadUserBySAML from the SAMLUserDetailsService interface. Just add it to the UserProfileServiceImpl, something like this:</p>
<p style="margin: 0px;"><br></p>
<pre style="margin: 0px; font-size: 11px; line-height: normal; font-family: Monaco;">
// Spring Security types used below; midPoint's own UserProfileService,
// ObjectNotFoundException and getPrincipal() are already available in this class.
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

public class UserProfileServiceImpl implements UserProfileService, UserDetailsService, UserDetailsContextMapper, <strong>SAMLUserDetailsService</strong> {

    ....

    @Override
    public UserDetails loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        try {
            // use the subject NameID of the SAML assertion as the midPoint user name
            return getPrincipal(credential.getNameID().getValue());
        } catch (ObjectNotFoundException e) {
            // an unknown user must surface as an authentication failure, not a server error
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

}
</pre>
<p style="margin: 0px;"><br></p>
<p style="margin: 0px;">I didn't try it, I am just guessing. If you try it and are successful, your contribution is more than welcome.<br></p>
<p style="margin: 0px;"><br></p>
<p style="margin: 0px;">Best regards,</p>
<p style="margin: 0px;">Katarina Valalikova<br>Java Developer<br>evolveum.com</p>
</div><div><br></div><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Nicolas Rossi" &lt;nrossi@identicum.com&gt;<br><b>To: </b>"midPoint General Discussion" &lt;midpoint@lists.evolveum.com&gt;<br><b>Sent: </b>Friday, December 30, 2016 1:49:29 PM<br><b>Subject: </b>[midPoint] midPoint SSO with SAML<br><div><br></div><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi guys, I am just wondering if I can configure SSO in midPoint with SAML.
I read on the wiki (<a href="https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO" target="_blank">https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO</a>) that the security layer is based on Spring Security and it supports SAML (<a href="http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html" target="_blank">http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html</a>). Has anyone tried it before?</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Kind regards and happy new year!</div>
<div class="gmail_signature"><div dir="ltr"><span style="font-family: arial, helvetica, sans-serif;"><span style="color: #444444;">Ing Nicolás Rossi</span><br><span style="color: #999999;">Identicum S.A.</span><br><span style="color: #999999;">Jorge Newbery 3226</span><br><span style="color: #999999;">Tel: +54 (11) 4552-3050</span><br><span style="color: #999999;"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></span></span><br></div></div>
</div><br>_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br>http://lists.evolveum.com/mailman/listinfo/midpoint<br></div><div><br></div></div></body></html>
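<p>A standalone adapter, added here as an example (it is not midPoint's or Spring's own code), that provides the SAMLUserDetailsService behaviour discussed in the thread without adding the interface to UserProfileServiceImpl: it delegates to whatever UserDetailsService midPoint already provides and refuses assertions that carry no usable subject. The class name, the constructor and the optional fallback attribute are assumptions; SAMLCredential, NameID, SAMLUserDetailsService, UserDetailsService and SAMLAuthenticationProvider are real Spring Security SAML / OpenSAML types.</p>

```java
import org.opensaml.saml2.core.NameID;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

/**
 * Example adapter (hypothetical, not midPoint code): lets Spring Security SAML reuse an
 * existing UserDetailsService (in midPoint: UserProfileServiceImpl) unchanged.
 * Register it as the "userDetails" property of SAMLAuthenticationProvider; with
 * forcePrincipalAsString=false the returned UserDetails object becomes the principal.
 */
public class SamlUserDetailsAdapter implements SAMLUserDetailsService {

    private final UserDetailsService delegate;
    private final String fallbackAttribute; // e.g. "uid"; null disables the fallback

    public SamlUserDetailsAdapter(UserDetailsService delegate, String fallbackAttribute) {
        this.delegate = delegate;
        this.fallbackAttribute = fallbackAttribute;
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String username = subjectName(credential);
        if (username == null || username.trim().isEmpty()) {
            // An assertion without a usable subject must not authenticate anyone;
            // never fall back to an empty or default user name here.
            throw new UsernameNotFoundException("SAML assertion carries no usable subject NameID"
                    + (fallbackAttribute == null ? "" : " or " + fallbackAttribute + " attribute"));
        }
        // The delegate throws UsernameNotFoundException itself when midPoint has no such user,
        // so the provider reports a clean authentication failure rather than a server error.
        return delegate.loadUserByUsername(username);
    }

    /** Subject NameID first; only if the IdP sent none, the optional attribute. */
    private String subjectName(SAMLCredential credential) {
        NameID nameId = credential.getNameID();
        if (nameId != null) {
            String value = nameId.getValue();
            if (value != null) {
                return value;
            }
        }
        return fallbackAttribute == null ? null : credential.getAttributeAsString(fallbackAttribute);
    }
}
```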