SAML and Lift


Donald McLean

Jun 25, 2015, 9:50:26 AM
to liftweb
Hi all,

Has anyone ever used SAML in a Lift application for SSO? I would really appreciate some advice on how to get started with this.

Thanks,

Donald

ti com

Jul 8, 2015, 1:54:07 PM
to liftweb
Have you seen pac4j?

--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code


Donald McLean

Jul 8, 2015, 2:19:27 PM
to liftweb
Yes. Though it may not be necessary for us to implement this. We're still talking through things.
--
Family photographs are a critical legacy for
ourselves and our descendants. Protect that
legacy with a digital backup and recovery plan.

David Hagan

Jul 14, 2016, 10:06:46 PM
to Lift
Same answer as "ti com", but with a little more detail:

If you're not interested in integrating into sitemap directly, then you might want to look at:

Apache Shiro
buji-pac4j
pac4j-saml

I've had to use this stack when the client wanted to be able to alter the security configuration of the app from Shiro configuration at the container level. In essence, it's implemented at the Java level, using another member in the filter chain before the LiftFilter. In that way, you can really bring any Java-servlet-based authentication module into a Lift app, and it doesn't need to be integrated into Lift, but you'll also lose the opportunity for in-depth integration into Lift's sitemap.


If you're interested in integrating into sitemap directly, I've used pac4j directly by wiring it into a LiftRules.dispatchPartial function. Because Pac4J wasn't built for Lift, there existed the need to write a class extending org.pac4j.core.context.WebContext, but that was really the only part of stepping into Pac4J's paradigm. The WebContext class is straightforward enough to extend - it appears to be largely just an abstraction to allow the SAML handler to extract the original request from the webserver, so that it can supply scheme, host, port, path, query to the relayState, which of course you populate however you'd like.

Good luck.
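
Added example, not part of the post above and not code from the Lift, Shiro or pac4j projects: a `WEB-INF/web.xml` sketch of the first approach, with Shiro's servlet filter placed in the chain ahead of `LiftFilter`. It assumes a Servlet 3.0 container and Shiro's standard `EnvironmentLoaderListener` bootstrap; the buji-pac4j / pac4j-saml objects that live in `shiro.ini` are not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: WEB-INF/web.xml for a Lift WAR fronted by Apache Shiro. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Builds Shiro's web environment at startup; by default it reads
       WEB-INF/shiro.ini, where the buji-pac4j / pac4j-saml objects would be
       declared (not shown; property names depend on the versions in use). -->
  <listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
  </listener>

  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
  </filter>
  <filter>
    <filter-name>LiftFilter</filter-name>
    <filter-class>net.liftweb.http.LiftFilter</filter-class>
  </filter>

  <!-- The container builds the chain in filter-mapping order, so the Shiro
       mapping must come first. Map it to /* and to every dispatcher type so
       forwards and error pages cannot reach Lift around the security filter. -->
  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>

  <!-- Lift only sees requests that Shiro passed down the chain. -->
  <filter-mapping>
    <filter-name>LiftFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
```

Which paths actually require an authenticated session is decided by the `[urls]` section of `shiro.ini`, not by this file; the ordering here only guarantees that Shiro gets to make that decision before Lift handles the request.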