Pac4j SAML support for existing app


Олег Берест

Jan 30, 2023, 2:38:36 AM1/30/23
to Pac4j users mailing list
Hello, I need help with a current problem: there is an existing web application with shiro.ini configuration as the main security framework. Task: add an SSO feature with minimum changes. We want to use pac4j for SAML support. We have the following questions/problems:

- We have a requirement to be flexible and provide different IdPs for different customers. The working draft is to add in web.xml a new org.pac4j.jee.filter.SecurityFilter with a configFactory where the related files of the specific IdP are loaded. Questions: 1) now we combine the programmatic and the configuration approach; it works, but I am not sure that this is a good solution, because as I understand it there must be several security singleton objects, and now it looks like I have 2 (one for each approach). 2) Not all moments from the demo apps are clear, like where the configFactory field is declared, or why <param-name>clients</param-name> must be <param-value>SAML2Client</param-value>; is it a somewhere-predefined client? I cannot find good documentation.

- Is it possible to support several IdPs at the same time? I mean the user can log in via Okta or Microsoft by choosing an option in the UI. We make two security filters with different callback filters, and during the authorization process there is a redirection to the IdP login page, but then just one IdP works properly, the one which was declared later in web.xml. Looks like the last configuration overrides everything.

We will be happy with any recommendations and answers, as now we have to decide whether to use pac4j or look for some other.

Rohit Pawar

Jul 11, 2023, 2:16:43 AM7/11/23
to Please use https://stackoverflow.com with the pac4j tag
>> We make two security filters with different callback filters and during the authorization process there is redirection to the IdP login page. Still, then just one IdP works properly which was declared later in web.xml. Looks like the last configuration overrides everything.

Your mentioned scenario is possible in pac4j.

And the problem mentioned above, I think, is because of sp-metadata-file.xml (you are using the same SP metadata file for both configurations). As you have said, you created 2 configs with different callbacks, so you have to give the SP metadata file a different name for each (otherwise overriding would be happening).

And you have to give the client name different for both, and in the security-filter give that one client.
And for each client you have to define a separate filter, or you have to find a way to pass the client name at runtime to the security-filter.
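As an added illustration of the answer above (this is example code written for this thread, not code from the original poster, the answerer, or the pac4j project), here is one ConfigFactory that builds two SAML2Clients with distinct names, distinct SP entity IDs and distinct SP metadata paths, so the generated SP metadata files do not overwrite each other. The class name MultiIdpConfigFactory, the callback URL, keystore paths, passwords, and IdP/SP metadata paths are placeholders chosen for the example; only the pac4j classes and methods used are real.

```java
package example; // hypothetical package for this example

import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.core.config.ConfigFactory;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;

/**
 * One Config holding two SAML2Clients (Okta and Microsoft), so that every
 * SecurityFilter in web.xml can reference the same factory and select its
 * client by name instead of each filter building its own Config.
 */
public class MultiIdpConfigFactory implements ConfigFactory {

    // Single callback endpoint for both clients (placeholder host).
    private static final String CALLBACK_URL = "https://sp.example.com/callback";

    @Override
    public Config build(final Object... parameters) {
        // Each client gets its own IdP metadata (downloaded from the IdP) and
        // its own SP metadata output path; sharing the SP path is what makes
        // the last-built client silently overwrite the first one's file.
        final SAML2Client okta = buildClient(
                "OktaClient",
                "resource:idp-metadata-okta.xml",      // placeholder
                "/etc/app/saml/sp-metadata-okta.xml"); // placeholder
        final SAML2Client microsoft = buildClient(
                "MicrosoftClient",
                "resource:idp-metadata-microsoft.xml",      // placeholder
                "/etc/app/saml/sp-metadata-microsoft.xml"); // placeholder

        // pac4j's default callback URL resolver appends client_name=<name>
        // to the callback URL, so one CallbackFilter on /callback serves both.
        final Clients clients = new Clients(CALLBACK_URL, okta, microsoft);
        return new Config(clients);
    }

    private static SAML2Client buildClient(final String name,
                                           final String idpMetadataPath,
                                           final String spMetadataPath) {
        final SAML2Configuration cfg = new SAML2Configuration(
                "resource:samlKeystore.jks", // SP signing keystore (placeholder)
                "keystore-password",         // placeholder
                "private-key-password",      // placeholder
                idpMetadataPath);
        // A distinct SP entity ID per client: the IdP identifies the SP by it,
        // and it is written into the generated SP metadata file below.
        cfg.setServiceProviderEntityId(CALLBACK_URL + "?client_name=" + name);
        cfg.setServiceProviderMetadataPath(spMetadataPath);
        // Reject assertions whose IdP authentication is older than one hour.
        cfg.setMaximumAuthenticationLifetime(3600);

        final SAML2Client client = new SAML2Client(cfg);
        client.setName(name); // the value later used in the filter's "clients" init-param
        return client;
    }
}
```

With this factory, each org.pac4j.jee.filter.SecurityFilter in web.xml points its configFactory init-param at example.MultiIdpConfigFactory and its clients init-param at either OktaClient or MicrosoftClient, mapped to different URL patterns (for example one for the "Login with Okta" link and one for "Login with Microsoft"); a single CallbackFilter on /callback, built from the same factory, completes both flows. This is also why the demo's <param-value>SAML2Client</param-value> works: it is simply the default name of an unnamed SAML2Client, not a predefined client. Once both clients are registered in one Config, a filter whose clients init-param lists both names lets the client_name request parameter choose between them at runtime, which is the "pass the client name at runtime" option mentioned in the answer.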