<div dir="ltr"><div class="gmail_default"><font color="#444444" face="arial, helvetica, sans-serif">Hi Katarina, thank you for your help. I'll do some tests in our environment and if it works I'll share it with the community.</font></div><div class="gmail_default"><font color="#444444" face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font color="#444444" face="arial, helvetica, sans-serif">Best regards,</font></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><br><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Tel: +54 (11) 4552-3050</font><br><font color="#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div>
<br><div class="gmail_quote">On Wed, Jan 18, 2017 at 10:39 AM, Katka Valalikova <span dir="ltr">&lt;<a href="mailto:katka.valalikova@evolveum.com" target="_blank">katka.valalikova@evolveum.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div><p style="margin:0px">Hi Nicolas,</p><p style="margin:0px"><br></p><p style="margin:0px">I think no one has tried it before. I implemented support for CAS and LDAP authentication, both using the Spring Security (CAS, LDAP) libs. My experience is that it is enough to follow the Spring tutorials and then just implement the method for the specific user details service. After a quick look into the Spring Security SAML implementation, I guess that you will need to implement loadUserBySAML from the SAMLUserDetailsService interface. Just add it to the UserProfileServiceImpl, something like this:</p><p style="margin:0px"><br></p><pre style="margin:0px;font-size:11px;line-height:normal;font-family:Monaco">import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;

public class UserProfileServiceImpl implements UserProfileService, UserDetailsService, UserDetailsContextMapper, <strong>SAMLUserDetailsService</strong> {

    ....

    @Override
    public UserDetails loadUserBySAML(SAMLCredential credential) {
        try {
            // the subject NameID of the (already validated) assertion is used as the midPoint user name
            return getPrincipal(credential.getNameID().getValue());
        } catch (ObjectNotFoundException e) {
            // no midPoint user with that name: report it the way Spring Security expects
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }
}</pre><p style="margin:0px"><br></p><p style="margin:0px">I didn't try it, I just guess. If you try and are successful, your contribution is more than welcome.<br></p><p style="margin:0px"><br></p><p style="margin:0px">Best regards,</p><p style="margin:0px">Katarina Valalikova<br>Java Developer<br><a href="http://evolveum.com" target="_blank">evolveum.com</a></p></div><div><br></div><hr id="m_4008978705510633886zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Nicolas Rossi" &lt;<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>&gt;<br><b>To: </b>"midPoint General Discussion" &lt;<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>&gt;<br><b>Sent: </b>Friday, December 30, 2016 1:49:29 PM<br><b>Subject: </b>[midPoint] midPoint SSO with SAML<div><div class="h5"><br><div><br></div><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi guys, I am just wondering if I can configure SSO in midPoint with SAML. I read on the wiki (<a href="https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO" target="_blank">https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO</a>) that the security layer is based on Spring Security and it supports SAML (<a href="http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html" target="_blank">http://docs.spring.io/spring-security-saml/docs/current/reference/html/configuration-sso.html</a>).
Has anyone tried it before?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Kind regards and happy new year!</div><div><div class="m_4008978705510633886gmail_signature"><div dir="ltr"><span style="font-family:arial,helvetica,sans-serif"><br></span><div><br></div><span style="font-family:arial,helvetica,sans-serif"><span style="color:#444444">Ing Nicolás Rossi</span><br><span style="color:#999999">Identicum S.A.</span><br><span style="color:#999999">Jorge Newbery 3226</span><br><span style="color:#999999">Tel: +54 (11) 4552-3050</span><br><span style="color:#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></span></span><br></div></div></div></div><br></div></div>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></div><div><br></div></div></div>
<br></blockquote></div><br></div>
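Katarina's loadUserBySAML sketch filled out as a stand-alone class, as an added example rather than midPoint's or Spring Security SAML's own code; the lookupByName function and the expectedFormat value are assumptions supplied by the caller (in midPoint the lookup would wrap getPrincipal from UserProfileServiceImpl):

```java
import org.opensaml.saml2.core.NameID;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

import java.util.Objects;
import java.util.function.Function;

/**
 * Maps an already-validated SAML assertion to a local account (added example).
 * Spring Security SAML checks the assertion's signature, audience and validity
 * window before it calls loadUserBySAML(), so what is left here is deciding
 * which local account, if any, the assertion's subject maps to.
 */
public class SamlSubjectMapper implements SAMLUserDetailsService {

    // Hypothetical lookup; in midPoint this would wrap getPrincipal(username)
    // from UserProfileServiceImpl. Injected so the class is self-contained.
    private final Function<String, UserDetails> lookupByName;
    // The NameID format the IdP was configured to send, e.g. NameID.PERSISTENT.
    private final String expectedFormat;

    public SamlSubjectMapper(Function<String, UserDetails> lookupByName, String expectedFormat) {
        this.lookupByName = Objects.requireNonNull(lookupByName);
        this.expectedFormat = Objects.requireNonNull(expectedFormat);
    }

    @Override
    public UserDetails loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        NameID nameId = credential.getNameID();
        String subject = nameId == null ? null : nameId.getValue();
        if (subject == null || subject.trim().isEmpty()) {
            // No usable subject: refuse instead of falling back to some other attribute.
            throw new UsernameNotFoundException("SAML assertion carries no usable NameID");
        }
        // Pin the format: a different (or missing) format means a different identifier
        // space, e.g. transient vs. persistent, and must not be matched against user names.
        if (!expectedFormat.equals(nameId.getFormat())) {
            throw new UsernameNotFoundException("Unexpected NameID format " + nameId.getFormat());
        }
        UserDetails local = lookupByName.apply(subject);
        if (local == null) {
            // Unknown subject: the same exception Spring expects from any UserDetailsService.
            throw new UsernameNotFoundException("No local account for subject " + subject);
        }
        return local;
    }
}
```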