...
Code Block | ||
---|---|---|
| ||
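class SSOController{
  // Route GET "/maestrano/auth/saml/init/{marketplace}" to this method.
  // Starts the SSO handshake: builds an authentication request for the
  // marketplace named in the URL and redirects the browser to the URL it yields.
  function init(Hash requestParameters){
    // Retrieve the configuration for the given marketplace.
    // The marketplace name is read straight from the request, so it is
    // caller-controlled: make sure an unknown name stops the request here
    // instead of continuing with a missing configuration.
    // NOTE(review): how MaestranoConfig.get reports an unknown marketplace is
    // not shown in this snippet; confirm in the SDK for your language.
    marketplace = requestParameters["marketplace"]
    config = MaestranoConfig.get(marketplace)

    // The request object must be stored under the same name that is used on
    // the next line (the original assigned `request` but then read `authReq`).
    // NOTE(review): `u` is not defined anywhere in this snippet; presumably it
    // is the incoming request parameters. Confirm against your SDK.
    authReq = new Authrequest(config, u)

    // URL the browser has to be sent to in order to authenticate
    ssoUrl = authReq.getRedirectUrl();
    redirectTo(ssoUrl)
  }
}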
Examples in
...
Maestrano will check that everything is in order and then send a POST request to the SSO Consume Path URL containing all the information required to identify the user and their organization connecting to your application.
Code Block | ||
---|---|---|
| ||
class SSOController{
  // Route POST "/maestrano/auth/saml/consume/{marketplace}" to this method.
  // Receives the SAMLResponse posted back after authentication. When the SDK
  // reports the response as valid, the Maestrano user and group are mapped to
  // local records, the marketplace and the Maestrano session are stored in the
  // HTTP session, and the browser is redirected to "/". Otherwise the text
  // "Invalid SAML Response" is returned.
  function consume(Hash requestParameters){
    // Both request values read below are caller-controlled and must not be
    // trusted until the response has passed validation.
    marketplace = requestParameters["marketplace"]
    config = MaestranoConfig.get(marketplace)
    samlResp = config.getSso().buildResponse(requestParameters["SAMLResponse"])

    // isValid() is the only gate in front of account creation and login.
    // NOTE(review): what it verifies (signature, issuer, validity window) is
    // not visible in this snippet; confirm in the SDK for your language.
    if(!samlResp.isValid()){
      return content("Invalid SAML Response");
    }

    // Build MaestranoUser and MaestranoGroup (both types come from the SDK)
    mnoUser = new MaestranoUser(samlResp);
    mnoGroup = new MaestranoGroup(samlResp);

    // Find or create the matching local records. The marketplace is passed
    // along with the Maestrano identity, presumably so that identities coming
    // from different marketplaces are never merged into one local account.
    var group = MyGroup.FindOrCreateForMaestrano(marketplace, mnoGroup);
    var user = MyUser.FindOrCreateForMaestrano(marketplace, mnoUser);

    // Make the user a member of the group unless that is already the case
    if (!group.HasMember(user)){
      group.AddMember(user);
    }

    // NOTE(review): this reuses the session that existed before login. If your
    // framework supports it, issue a new session identifier at this point so a
    // pre-login identifier cannot be carried over (session fixation).
    // Signing the local user into your own application is not shown here.
    var httpSession = getCurrentHttpSession();
    httpSession["marketplace"] = marketplace;

    // Set Maestrano session - used for Single Logout
    config.getSso().setSession(httpSession, mnoUser);

    return redirect("/");
  }
}
|
4 What do I have to pay attention to?
...
Warning | ||
---|---|---|
| ||
The virtual email addresses should only be used to create a unique user id, not to send emails to users; for that, you can always reach the user's real email. |
5 SSO Consume process
@RequestMapping(value = "/maestrano/auth/saml/init/{marketplace}", method = RequestMethod.GET) | |
public ModelAndView init(@PathVariable("marketplace") String marketplace, @RequestParam Map<String, String> allRequestParams) |
class SSOController{
  // Route POST "/maestrano/auth/saml/consume/{marketplace}" to this method.
  // Handles the SAMLResponse posted back after authentication: a response the
  // SDK reports as valid leads to local user/group mapping, session setup and
  // a redirect to "/"; anything else gets the text "Invalid SAML Response".
  function consume(Hash requestParameters){
    // The marketplace name and the SAMLResponse both come from the request and
    // are caller-controlled until validation has succeeded.
    marketplace = requestParameters["marketplace"]
    config = MaestranoConfig.get(marketplace)
    samlResp = config.getSso().buildResponse(requestParameters["SAMLResponse"])

    // Nothing below runs unless the SDK accepts the response.
    // NOTE(review): the checks behind isValid() are not shown in this snippet;
    // confirm that they cover signature, issuer and validity window.
    if(!samlResp.isValid()){
      return content("Invalid SAML Response");
    }

    // Build MaestranoUser and MaestranoGroup (both types come from the SDK)
    mnoUser = new MaestranoUser(samlResp);
    mnoGroup = new MaestranoGroup(samlResp);

    // Find or create the local counterparts, keyed by marketplace as well as
    // by the Maestrano identity
    var group = MyGroup.FindOrCreateForMaestrano(marketplace, mnoGroup);
    var user = MyUser.FindOrCreateForMaestrano(marketplace, mnoUser);

    // Make the user a member of the group unless that is already the case
    if (!group.HasMember(user)){
      group.AddMember(user);
    }

    // NOTE(review): the pre-login session is reused here; where the framework
    // allows it, rotate the session identifier at login (session fixation).
    var httpSession = getCurrentHttpSession();
    httpSession["marketplace"] = marketplace;

    // Set Maestrano session - used for Single Logout
    config.getSso().setSession(httpSession, mnoUser);

    return redirect("/");
  }
}