
SAML2 plugin : id on on another construct

Jack Bakker, modified 10 years ago

SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
I have a Liferay portal where login is by screenname ; looking to use SAML2 plugin (IdP initiated) to id on one of the below


When a client builds an identity provider, they must provide us with one of three sets of identifying client information:
- The member’s SIN and last name, OR:
- The member’s employee number and last name, OR:
- The member’s demographic attributes: first and last name, city, date of birth, employment province code and postal code.


(btw in Canada, SIN = Social Insurance Number)

Is something like this configurable with the SAML2 plugin or does it require custom coding?
Mika Koivisto, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Legend Posts: 1519 Join Date: 2006.08.07.
Is Liferay in this scenario the IdP or SP?

Liferay as SP can identify the user from NameID only; however, it's not too hard to extend that to include attributes. Liferay as IdP can use emailAddress, screenName, expando attribute and static value as the NameID; it can also include expando attributes as attributes in the Response.
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Mika Koivisto:
Is Liferay in this scenario the IdP or SP?

IdP

Mika Koivisto:
Liferay as SP can identify the user from NameID only; however, it's not too hard to extend that to include attributes.


Mika Koivisto:
Liferay as IdP can use emailAddress, screenName, expando attribute and static value as the NameID; it can also include expando attributes as attributes in the Response.


where can I learn more how to ?

--

as an aside: For another solution, I am doing screenName (a.k.a. username) thru IdP initiated - intercepting the URL at likes of below to create a simple link within Liferay portal.

https://www.somedomain.com/c/portal/saml/sso?SAMLRequest=blahblah

to intercept, took creating a Liferay SP, shutting down my WAN access on SP side (dev) then hitting signin from SP and seeing the link that went nowhere, grab that and paste into link on IdP page for further to connect to external non-Liferay SP as IdP initiated

--

but how to for other id my main need right now, thanks Mika
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Mika Koivisto:
Liferay as IdP can use emailAddress, screenName, expando attribute and static value as the NameID; it can also include expando attributes as attributes in the Response.


So I am wondering what would be involved to use 'expando attribute' + lastname (the two concatenated)
Mika Koivisto, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Legend Posts: 1519 Join Date: 2006.08.07.
Using Liferay as IdP you can initiate the SSO to the SP using a URL like http://localhost:8080/c/portal/saml/sso?entityId=<sp entity Id>&RelayState=<url on sp where to go after logon>
RelayState is optional. Liferay SP will default it to the home page of the portal.

So I am wondering what would be involved to use 'expando attribute' + lastname (the two concatenated)


We don't support concatenation, but you can extend com.liferay.saml.resolver.DefaultNameIdResolver and override the getNameIdValue() method. Then, to use that class as the NameID resolver, you need to add a property to portal-ext.properties:

saml.idp.metadata.name.id.resolver=com.example.saml.resolver.MyNameIdResolver
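
Added example (not part of the original thread and not Liferay's own code) of the override described in the reply above: a resolver that builds the NameID from an expando attribute plus the last name. The `getNameIdValue(User, String)` signature, the 6.x import packages, the `employeeNumber` expando field and the `|` delimiter are assumptions to check against the plugin source and the SP's expected format.

```java
package com.example.saml.resolver;

import com.liferay.portal.model.User;
import com.liferay.portlet.expando.model.ExpandoBridge;
import com.liferay.saml.resolver.DefaultNameIdResolver;

import java.io.Serializable;

// Registered in portal-ext.properties with:
// saml.idp.metadata.name.id.resolver=com.example.saml.resolver.MyNameIdResolver
public class MyNameIdResolver extends DefaultNameIdResolver {

    // Hypothetical expando field and delimiter; use what the SP expects.
    private static final String EXPANDO_ATTRIBUTE = "employeeNumber";
    private static final String DELIMITER = "|";

    // Assumed signature: @Override makes the compiler reject a mismatch
    // with the plugin version actually deployed.
    @Override
    protected String getNameIdValue(User user, String entityId) {
        ExpandoBridge expandoBridge = user.getExpandoBridge();
        Serializable id = expandoBridge.getAttribute(EXPANDO_ATTRIBUTE);

        return compose((id == null) ? null : id.toString(), user.getLastName());
    }

    // Fails closed rather than emitting "null" or a half-empty identifier
    // that the SP could match to the wrong member.
    static String compose(String id, String lastName) {
        String cleanId = (id == null) ? "" : id.trim();
        String cleanLastName = (lastName == null) ? "" : lastName.trim();

        if (cleanId.isEmpty() || cleanLastName.isEmpty()) {
            throw new IllegalStateException("NameID source value is missing");
        }

        // Plain concatenation is ambiguous: ("A1", "BSmith") and
        // ("A1B", "Smith") would both yield "A1BSmith". A delimiter that
        // neither part may contain keeps the two fields separable.
        if (cleanId.contains(DELIMITER) || cleanLastName.contains(DELIMITER)) {
            throw new IllegalStateException("NameID source value contains delimiter");
        }

        return cleanId + DELIMITER + cleanLastName;
    }
}
```

A later reply in this thread suggests deploying such a class by extending saml-portlet as a war overlay.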
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Mika Koivisto:
Using Liferay as IdP you can initiate the SSO to the SP using a URL like http://localhost:8080/c/portal/saml/sso?entityId=<sp entity Id>&RelayState=<url on sp where to go after logon>
RelayState is optional. Liferay SP will default it to the home page of the portal.


well that's a lot easier than the long garfunkel link I have been using: ?SAMLRequest=muchblahblah&relayState=notRequired&SigAlg=moreblahblah&Signature=evenmore

Jack Bakker:
So I am wondering what would be involved to use 'expando attribute' + lastname (the two concatenated)


Mika Koivisto:

We don't support concatenation, but you can extend com.liferay.saml.resolver.DefaultNameIdResolver and override the getNameIdValue() method. Then, to use that class as the NameID resolver, you need to add a property to portal-ext.properties:


saml.idp.metadata.name.id.resolver=com.example.saml.resolver.MyNameIdResolver


what type of plugin for this ?
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Jack Bakker:

what type of plugin for this ?


I guess I can put the override in a jar and put in /lib/ext or in the saml portlet lib ?

is saml portlet source available ?
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
I now have source for saml ... from EE marketplace ...
Mika Koivisto, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Legend Posts: 1519 Join Date: 2006.08.07.
You should extend the saml-portlet similarly to how we've done cas-web. It basically does an overlay on the war file.
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Thanks Mika, am narrowing in
Jack Bakker, modified 10 years ago

RE: SAML2 plugin : id on on another construct

Liferay Master Posts: 978 Join Date: 2010.01.03.
Would be nice to be able to hook plugin portlets...