Forum

SAML Plugin - Login Process on Service Provider

Naidu Jitta, modified 11 years ago.

SAML Plugin - Login Process on Service Provider

New Member Posts: 6 Join Date: 29/11/11 Recent Posts
Hi,

I have configured SSO using SAML plugin. I have created IDP, as well as SP and I am able to communicate between both successfully and it works great.

Now, I have a requirement that authentication needs to happen in the same domain (portal) from which the user accesses the login portlet. In other words, if "login" is clicked on the SP, it should not be directed to the IDP for authentication. The user needs to be authenticated at the SP itself. I was looking for any properties that I might need to set in portal-ext.properties, but I could not find any. I also went ahead and looked into the saml-portlet source code, and it looks like this is not possible, as the servlet filter (SamlSpSsoFilter) redirects the login request to the IDP.

Is there a way to bypass this and achieve this use case with a saml-portlet hook within Liferay?

Thanks,

Naidu Jitta.
Mika Koivisto, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

Liferay Legend Posts: 1519 Join Date: 07/08/06 Recent Posts
With SAML the authentication ALWAYS happens on the IdP.
Naidu Jitta, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 6 Join Date: 29/11/11 Recent Posts
Is that feature something for a future release?
Mika Koivisto, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

Liferay Legend Posts: 1519 Join Date: 07/08/06 Recent Posts
No, because it's not Liferay dependent; it's specified in the SAML specification. In SAML there are two roles:

1) The IdP (Identity Provider): this is the entity that knows how to authenticate the user

2) The SP (Service Provider): this one relies on the IdP to handle authentication
Naidu Jitta, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 6 Join Date: 29/11/11 Recent Posts
Hi Mika,

I am trying to understand the roles in the SAML specification.

Am I correct in stating that the saml-portlet plugin is based on the SAML Web Browser SSO Profile?

If that is true, it supports two models, the SP-initiated model and the IdP-initiated model. I understand that the Liferay saml-portlet plugin now supports both models. What if we have a use case that supports only the IdP-initiated model? In other words, my portal needs to provide access to a set of trusted and authenticated users from my partner company (external portal), besides having my own authentication mechanism for my internal portal users.

I would assume my portal to be an SP as well as a portal which can also directly authenticate its internal users. I don't think this functionality is restricted in the SAML specification stating that the SP can't authenticate on its own. Please let me know if my assumption is wrong and if I am missing something from the SAML specification.

Naidu Jitta
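The two models discussed in this thread differ in what the SP sends and what it gets back. As an added example (not code from the saml-portlet plugin or from any poster), the Python below builds the AuthnRequest an SP sends in the SP-initiated model, assuming the HTTP-Redirect binding, decodes such a redirect for inspection, and classifies a response by its InResponseTo attribute. All entity IDs, URLs and function names are assumptions, and signature validation of the response is not shown.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, issue_instant):
    """Return (request_id, xml) for a minimal SP-initiated AuthnRequest."""
    request_id = "_" + uuid.uuid4().hex  # XML IDs must not start with a digit
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{idp_sso_url}" AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>'
    )
    return request_id, xml

def redirect_url(idp_sso_url, xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)  # -15 = no zlib header or trailer
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"

def decode_redirect(url):
    """Reverse the binding, e.g. to inspect a redirect seen in a proxy log."""
    param = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    xml = zlib.decompress(base64.b64decode(param), wbits=-15)
    # The stdlib parser is used on constructed samples only; untrusted XML needs a hardened parser.
    root = ET.fromstring(xml)
    return {"id": root.get("ID"),
            "acs": root.get("AssertionConsumerServiceURL"),
            "issuer": root.findtext(f"{{{SAML}}}Issuer")}

def classify_response(response_xml, pending_ids):
    """SP-initiated responses echo a pending request ID; IdP-initiated ones carry none."""
    in_response_to = ET.fromstring(response_xml).get("InResponseTo")
    if in_response_to is None:
        return "idp-initiated"
    if in_response_to in pending_ids:
        pending_ids.discard(in_response_to)  # accept one response per request
        return "sp-initiated"
    return "reject"
```

An SP that accepts both models has to decide explicitly whether responses without InResponseTo are allowed, since those cannot be tied to a request it issued.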
Naidu Jitta, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 6 Join Date: 29/11/11 Recent Posts
Hi Mika,

I was checking the source code of the plugin, and in AssertionConsumerServiceAction.java you are returning /portal/common_referer_js.jsp, which is throwing a 404 file not found. I checked for this JSP file in the portal source code and could not find it. I can only find portal/common/referer_js.jsp. Is there anything I am missing here?
Mika Koivisto, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

Liferay Legend Posts: 1519 Join Date: 07/08/06 Recent Posts
Yeah, I noticed that too and it's fixed in LPS-29510.
Syed Shabeer Ahmed, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 7 Join Date: 23/09/09 Recent Posts
I am using the SAML plugin and the Liferay version is 6.0 SP2 EE, and I have observed that in the User table lastloginDate is not getting updated. Does anyone have any idea about this issue?
Naidu Jitta, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 6 Join Date: 29/11/11 Recent Posts
The prerequisite for the SAML plugin is Liferay version 6.1 EE
Syed Ahmed, modified 11 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 7 Join Date: 23/09/09 Recent Posts
Naidu Jitta:
The prerequisite for SAML plugin is liferay version 6.1 EE


Thanks for the quick reply. Does the lastlogindate get updated in Liferay version 6.1 EE?
Bobby r, modified 4 years ago.

RE: SAML Plugin - Login Process on Service Provider

New Member Posts: 9 Join Date: 22/03/20 Recent Posts
Hello, could someone please help me with the issue I am facing with SAML integration with Liferay? As part of our requirement, we need to implement OKTA single sign-on for our Liferay application. I followed a couple of documents online and was successfully able to integrate OKTA with my Liferay application by providing IDP and SP settings. Right now we are using a custom auto login hook for the login purpose. My requirement here is that I need to capture the initial SAML response from the IDP and, based upon certain attributes, assign certain roles to the user logging in through OKTA before redirecting to the main page. But my issue here is that I am not able to capture the SAML response sent to c/portal/saml/acs by the IDP. Could someone please help me to capture the SAML response and set that response to the request parameters before redirecting?