2.4.3. SAML2 scenario with REST callback


In this section, you set up a SAML2 scenario in which eXo Platform plays the SP role and also acts as the Identity Store. The IDP receives the authentication request and calls back to eXo Platform (as the Identity Store), so that eXo Platform users are authenticated. This callback is carried out by idp-sig.war, which can be deployed in a plain JBoss AS. However, it requires some additional modules that are packed inside the eXo Platform package, so you will deploy idp-sig.war against an eXo Platform package.

Before you start the steps below, let's see the interconnecting configurations:

Platform SP configuration

  1. Configure eXo Platform SP as described in eXo Platform as SAML2 SP.

    You should change one configuration:

    gatein.sso.idp.url=http://${gatein.sso.idp.host}:8080/idp-sig/
    
  2. Start $PLATFORM_SP

External IDP configuration

Note

In this part, we will use another platform package to deploy idp-sig.war. Please do not confuse it with the eXo Platform IDP described in the previous section. This package is used to run idp-sig.war.

  1. Copy $PLATFORM_SP/saml-plugin/idp-sig.war to $PLATFORM_IDP/standalone/deployments.

  2. Create an empty file named idp-sig.war.dodeploy under $PLATFORM_IDP/standalone/deployments.

  3. Remove $PLATFORM_IDP/standalone/deployments/platform.ear.dodeploy, so that platform.ear will not be deployed.

  4. Copy folder $PLATFORM_SP/saml-plugin/idp-sig-module/module into $PLATFORM_IDP.

  5. Add the following security domain to the $PLATFORM_IDP/standalone/configuration/standalone.xml file:

    <security-domain name="idp" cache-type="default">
       <authentication>
          <login-module code="org.gatein.sso.saml.plugin.SAML2IdpLoginModule" flag="required">
             <module-option name="gateInURL" value="http://www.sp.com:8080/portal"/>
          </login-module>
       </authentication>
    </security-domain>

  6. Start the IDP with options as follows:

    ./standalone.sh -b www.idp.com -c standalone.xml -Dsp.host=www.sp.com -Dsp.domains=sp.com -Dpicketlink.keystore=/jbid_test_keystore.jks
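The six steps above as one staging script, added here as an example and not part of eXo Platform. It assumes the unpacked $PLATFORM_SP and $PLATFORM_IDP roots are passed as arguments, and that the host in the gateInURL of the idp security domain is meant to be the same host you pass as sp.host in step 6 (a mismatch sends the login module's callback to a different host than the SP you configured).

```shell
#!/bin/sh
# Added example (not eXo's own tooling): stage idp-sig.war into the IDP
# package and check the callback configuration before starting the IDP.

# Steps 1-4: copy the war, create the .dodeploy marker, make sure
# platform.ear stays undeployed, copy the module tree.
# Returns 1 when an input from $PLATFORM_SP is missing.
stage_idp_sig() {
    sp="$1"; idp="$2"; dep="$idp/standalone/deployments"
    [ -f "$sp/saml-plugin/idp-sig.war" ] || { echo "missing idp-sig.war" >&2; return 1; }
    [ -d "$sp/saml-plugin/idp-sig-module/module" ] || { echo "missing module dir" >&2; return 1; }
    mkdir -p "$dep"
    cp "$sp/saml-plugin/idp-sig.war" "$dep/idp-sig.war"        # step 1
    : > "$dep/idp-sig.war.dodeploy"                               # step 2
    rm -f "$dep/platform.ear.dodeploy"                            # step 3
    cp -R "$sp/saml-plugin/idp-sig-module/module" "$idp/"         # step 4
}

# Step 5 check: standalone.xml must carry the "idp" security domain, and the
# host inside its gateInURL must equal the sp.host value planned for step 6
# (assumed requirement, see lead-in). Returns 2 or 3 on failure.
check_idp_domain() {
    xml="$1"; sp_host="$2"
    grep -q 'security-domain name="idp"' "$xml" \
        || { echo "standalone.xml lacks the idp security domain" >&2; return 2; }
    cb_host=$(sed -n 's|.*name="gateInURL" value="https\{0,1\}://\([^:/"]*\).*|\1|p' "$xml" | head -n 1)
    [ "$cb_host" = "$sp_host" ] \
        || { echo "gateInURL host '$cb_host' differs from sp.host '$sp_host'" >&2; return 3; }
}

# Step 6: build the start command so it can be reviewed before being run.
idp_start_cmd() {
    printf '%s' "./standalone.sh -b $1 -c standalone.xml -Dsp.host=$2 -Dsp.domains=$3 -Dpicketlink.keystore=$4"
}
```

Run `stage_idp_sig "$PLATFORM_SP" "$PLATFORM_IDP"`, add the security domain by hand, then `check_idp_domain "$PLATFORM_IDP/standalone/configuration/standalone.xml" www.sp.com` before executing the command printed by `idp_start_cmd www.idp.com www.sp.com sp.com /jbid_test_keystore.jks`.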

Test case

Now you can test the scenario as follows:

Copyright ©. All rights reserved. eXo Platform SAS