Setting up SAML authentication - placing resources on classpath

[Dan Tenenbaum]

Hello,

I am working with CBioPortal 3.7.6, using Docker.

I am trying to set up SAML authentication.

(I realize that this particular combination - cbioportal using Docker, and SAML, is not documented so maybe it's not supported? I'm hoping it is though because Docker is recommended in the documentation and SAML is what will work best for me (not keycloak)).

Anyway, I am following along with the documentation here:

https://docs.cbioportal.org/2.2-authorization-and-authentication/authenticating-users-via-saml#configuring-saml-within-cbioportal

( am not using onelogin because I already have an identity provider).

I have created a keystore, and I have a CBioPortal.xml file that was provided by my IT department. Sounds like I need to place these on the classpath.

The documentation says to put these files in

portal/src/main/resources/

What directory is this relative to? In my cbioportal docker container there is no such directory.

There is a /cbioportal/core/src/main/resources directory, but when I place the files there

(by mounting that directory to an external directory that contains all the original contents

plus the two files), it seems that directory is not on the classpath because I get this error when

starting up:

on is java.lang.IllegalArgumentException: Could not retrieve file for class path resource [CBioPortal.xml]: class path resource [CBioPortal.xml] cannot be resolved to URL because it does not exist

This is the relevant entry in portal.properties:

saml.idp.metadata.location=classpath:/CBioPortal.xml

and I am starting up with this VM option:

-Dauthenticate=saml

How do I determine what the classpath is inside my CBioPortal container?

Thanks....

[Benjamin Gross]

Hi,

Since you are using docker and not compiling the code from source, you cannot reference the XML file via the class path.  What I think you can do is modify the docker-compose yaml and put an entry to your XML file after the following:

https://github.com/cBioPortal/cbioportal-docker-compose/blob/5da068f0eb9b4f42db52ab5e91321b26a1826d7a/docker-compose.yml#L14

Then within you portal.properties file, you can reference the XML not via the classpath, but via the full path:

saml.idp.metadata.location=/cbioportal/CBioPortal.xml

Note, it is possible to setup keycloak to communicate with your IDP via SAML which makes the administration of users/permissions a bit cleaner.

Let us know if you have any further questions.

Best,

Benjamin

[Ino de Bruijn]

Forwarding this reply to the user as well

--
You received this message because you are subscribed to the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbioportal+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cbioportal/7d6e1fb6-7fc0-4ae1-af1c-b54446b3bfd0n%40googlegroups.com.

[Pim van Nierop]

Hi all,

The solution proposed by Ben will work. For completeness I would like to add here that resources CAN be placed on the classpath. To to this, the docker compose file should volume mount the file to path /cbioportal-webapp/WEB-INF/classes/. For instance for the IDP metadata XML:

volumes:

- <path to file>/CBioPortal.xml:/cbioportal-webapp/WEB-INF/classes/CBioPortal.xml:ro

 The file can then be referenced as:

saml.idp.metadata.location=classpath:/CBioPortal.xml

All the best,

Pim

[Dan Tenenbaum]

Thanks. That does indeed work as far as putting files on the classpath so they can be found. However, there seems to be something wrong with the CBioPortal.xml file that I have.

First I got this error:

cbioportal-container          | org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 6; The processing instruction target matching "[xX][mM][lL]" is not allowed.

I think that's because the file starts off with this line:

<?xml version="1.0" encoding="UTF-8"?>

If I delete that line I then get this:

java.lang.IllegalArgumentException: Entity ID criteria must be supplied

This XML file was supplied by my IT department and is supposed to be the correct format for SAML authentication.

Any ideas what's going on here?

There is an EntityDescriptor tag in the file...

Thanks,

Dan