I need to connect a CUBA application to a SAML-based Identity Provider. I can handle all the SAML protocol details via the Spring framework's support for it; however, I need a way to programmatically create new users, assign roles and activate a login session from a Spring MVC handler.
Any hints on how to do this?
For the web client, I recommend that you implement your own inheritor of CubaAuthProvider and set the FQN of this class in cuba.web.externalAuthenticationProviderClass. Then enable the cuba.web.externalAuthentication application property.
In fact, CubaAuthProvider is a javax.servlet.Filter with additional methods. If you want to implement SSO using SAML, you can implement doFilter and perform security checks there. For an example of a CubaAuthProvider with SSO, see IdpAuthProvider.
If you simply want to authenticate your users against a SAML server in LoginWindow, you just override the authenticate method. You can find such an implementation in LdapAuthProvider.
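
The doFilter approach from the answer above, as an added example (not from the post or from CUBA's own code). It assumes the CUBA 6.x CubaAuthProvider signature and that the web client logs in whichever user getUserPrincipal() returns; the class name, the session attribute `saml.validatedLogin` (written by your Spring SAML handler only after the assertion has been validated) and the `/saml/` endpoint paths are hypothetical.

```java
import com.haulmont.cuba.security.global.LoginException;
import com.haulmont.cuba.web.auth.CubaAuthProvider;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.security.Principal;
import java.util.Locale;

public class SamlAuthProvider implements CubaAuthProvider {
    // Hypothetical names: session attribute set server-side after assertion
    // validation, and the path prefix of the Spring MVC SAML endpoints.
    static final String SAML_LOGIN_ATTR = "saml.validatedLogin";
    static final String SAML_PREFIX = "/saml/";

    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        String base = request.getContextPath() + SAML_PREFIX;
        if (request.getRequestURI().startsWith(base)) {
            chain.doFilter(req, resp); // SAML endpoints must stay reachable (no principal is set here)
            return;
        }
        HttpSession session = request.getSession(false);
        Object login = session != null ? session.getAttribute(SAML_LOGIN_ATTR) : null;
        if (!(login instanceof String) || ((String) login).isEmpty()) {
            // Identity comes only from the server-side session, never from headers or parameters.
            response.sendRedirect(base + "login"); // fixed target, not built from request input
            return;
        }
        final String name = (String) login;
        // Assumption: the web client performs the trusted login for this principal.
        chain.doFilter(new HttpServletRequestWrapper(request) {
            @Override public Principal getUserPrincipal() { return () -> name; }
        }, response);
    }

    @Override
    public void authenticate(String login, String password, Locale messagesLocale)
            throws LoginException {
        // The IdP owns credentials, so the LoginWindow password path is refused.
        throw new LoginException("Password login is disabled; use single sign-on");
    }
}
```

Register the class through cuba.web.externalAuthenticationProviderClass and enable cuba.web.externalAuthentication, as the answer describes.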