SAML protocol integration

Hi,

I need to connect a CUBA application to a SAML protocol based Identity Provider. I can handle all the SAML protocol details via the Spring framework support for it; however, I need a way to (in a Spring MVC handler) programmatically create new users, assign roles and activate a login session.
Any hints on how to do this?

Thanks
Pedro

Hi,

What kind of CUBA client do you want to integrate with SAML? The web client with generic UI, or the portal client?

The priority is the web client (generic UI); however, we will probably also need the same on the portal client.

Thanks
Pedro

For the web client, I recommend that you implement your own inheritor of CubaAuthProvider and set the FQN of this class in cuba.web.externalAuthenticationProviderClass. Then enable the cuba.web.externalAuthentication application property.

In fact, CubaAuthProvider is a javax.servlet.Filter with additional methods. If you want to implement SSO using SAML, you can implement doFilter and perform security checks there. As an example of a CubaAuthProvider with SSO, you can see IdpAuthProvider.

If you simply want to authenticate your users against a SAML server in LoginWindow, you just override the authenticate method. You can find such an implementation in LdapAuthProvider.

At the moment, we do not support custom authentication for portal and rest-api. There is an issue that addresses this problem: https://youtrack.cuba-platform.com/issue/PL-8477

See also: https://doc.cuba-platform.com/manual-6.4/ldap.html
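
An added sketch of the doFilter approach described above; it is not code from the thread or from CUBA itself. It assumes the CUBA 6.x shape of CubaAuthProvider (a javax.servlet.Filter plus authenticate(login, password, locale)) and that the web client reads the user from the request principal. The class name, the /saml/ path prefix and the session attribute are hypothetical names for whatever the Spring SAML handler uses.

```java
import com.haulmont.cuba.security.global.LoginException;
import com.haulmont.cuba.web.auth.CubaAuthProvider;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.security.Principal;
import java.util.Locale;

// Register with cuba.web.externalAuthenticationProviderClass = <FQN of this class>
// and cuba.web.externalAuthentication = true, as described in the thread.
public class SamlAuthProvider implements CubaAuthProvider {
    // Hypothetical: prefix of the Spring MVC endpoints that run the SAML exchange.
    static final String SAML_PREFIX = "/saml/";
    // Hypothetical: attribute the SAML handler sets only after it has validated
    // the assertion (signature, audience, validity window) on the server side.
    static final String SAML_LOGIN_ATTR = "saml.validated.login";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String base = request.getContextPath() + SAML_PREFIX;
        if (request.getRequestURI().startsWith(base)) {
            chain.doFilter(req, res); // let the SAML endpoints run, avoids a redirect loop
            return;
        }
        // Trust only server-side session state, never a header or request parameter.
        HttpSession session = request.getSession(false);
        String login = session == null ? null : (String) session.getAttribute(SAML_LOGIN_ATTR);
        if (login == null) {
            response.sendRedirect(base + "login"); // hypothetical entry point of the SAML flow
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper(request) {
            @Override
            public Principal getUserPrincipal() { return () -> login; }
        }, response);
    }

    @Override
    public void authenticate(String login, String password, Locale messagesLocale)
            throws LoginException {
        // Pure SSO: reject password logins typed into LoginWindow.
        throw new LoginException("Password login is disabled; sign in through the identity provider");
    }

    @Override
    public void destroy() { }
}
```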