External authentication


We are trying to authenticate users through ADFS. We have extended the Login window so that users won’t need to enter the username and password. here’s the authentication flow:

  1. The user presses login, we execute a JavaScript.eval("window.location.href = 'some location'"); to open an external webpage while replacing the current window, so that he can authenticate himself to the external system.
  2. After authenticating himself to the external system, we'll receive an access_token through a redirect_url with some params.
  3. We store that access_token and consider the user as authenticated
  4. The user gets redirected to the mainWindow
We're having some issues with #3 and #4. We are following the same pattern as the IdpAuthProvider, but we're stuck on how to mark a user as authenticated so we can retrieve this user later on from the UserSession in other windows. Also, we've overriden the doFilter method from CubaAuthProvider, so we can receive the params sent with the redirect_url, but after we receive the token we aren't sure how to redirect the user to the mainWindow from the doFilter method.

Any help is appreciated.



I’d recommend that you take a look at social login sample that shows how to use Facebook as an authentication mechanism. There you will find how to redirect users and receieve access_code back. GitHub - cuba-platform/sample-social-login: Custom authentication for CUBA Applications using Facebook This example is useful when you create custom authentication using another services OAauth / SSO / etc.

Login redirect and callback are implemented here in extended login window: sample-social-login/ExtAppLoginWindow.java at master · cuba-platform/sample-social-login · GitHub