Client selection


callidus

Jul 28, 2017, 6:32:55 AM
to Pac4j users mailing list
Hi everybody,

I got some trouble handling different SAMLClients. But let's start from the beginning...

I'm using Play 2.5 with Scala and play-pac4j 2.6.2

I've configured (for simplicity) 2 SAMLClients
val client1 = new SAML2Client(saml2configForClient1...)
val client2 = new SAML2Client(saml2configForClient2...)

The goal I would like to achieve is providing an endpoint with a form that lists all configured clients. If a user enters my app and would like to log in, I will send him to this form, where the user has to decide which client he would like to choose.
Imagine a library that collaborates with 2 universities and their users should choose their university...

Now I'm struggling with the redirects to the identity provider.

From the configuration I could fetch all configured clients like
config.getClients.findAllClients...

But after that point I got stuck.

I found some RedirectAction with the clients and so on, but it looks like something different.

I hope that I could point out my problem....


Hint: I spent a lot of time reading wikis and readmes and so on, but without success.
I do not want to add one protected endpoint for each client to my app and so on....

regards
callidus

Jérôme LELEU

Jul 29, 2017, 9:17:46 AM
to callidus, Pac4j users mailing list
Hi,

This use case can be handled with pac4j, but I'm not sure it's documented anywhere.

Of course, if you want to use different SAML clients, you need different configurations and different names.

You can secure a URL with @Secure(clients="SAML1Client"), but you can also secure a URL with @Secure(clients="SAML1Client,SAML2Client"). It means that SAML1Client will be used for login if you call the URL, but if you specify a client_name parameter, you can define what client will be used for authentication.

So you should have a login page, list the client names thanks to the Config object and then target the secured URL with client_name=XXX where XXX is the name of the client you want to use for login.

Thanks.
Best regards,
Jérôme
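
The login-page step described in the reply above, as an added example that is not part of the original posts or of pac4j itself. It builds one link per client, restricted to the names listed on the secured URL; `LoginLinks`, `allowedNames`, `build`, `securedUrl` and `securedClients` are hypothetical names chosen for illustration.

```scala
import java.net.URLEncoder
import scala.collection.JavaConverters._
import org.pac4j.core.config.Config

// Added example: hypothetical helper, not part of pac4j or play-pac4j.
object LoginLinks {

  /** Splits the string given to the secured URL, e.g. "SAML1Client,SAML2Client". */
  def allowedNames(securedClients: String): Seq[String] =
    securedClients.split(",").map(_.trim).filter(_.nonEmpty).toSeq

  /**
   * Returns (client name, login URL) pairs for the login form.
   *
   * Only names that are both listed on the secured URL and actually
   * configured are offered, so the form never links to a client the
   * secured URL was not declared with. The name is URL-encoded before
   * it is placed in the client_name query parameter.
   *
   * securedUrl is assumed to be the path of the protected action and
   * to carry no query string of its own.
   */
  def build(config: Config, securedUrl: String, securedClients: String): Seq[(String, String)] = {
    // Names of every client registered in the pac4j Config.
    val configured = config.getClients.findAllClients().asScala.map(_.getName).toSet

    allowedNames(securedClients)
      .filter(configured.contains)
      .map { name =>
        name -> s"$securedUrl?client_name=${URLEncoder.encode(name, "UTF-8")}"
      }
  }
}
```

The returned pairs can be rendered as the options of the selection form; following a link sends the user to the single secured URL with the chosen client.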


