SP identifier in PostAuthentication Plugin


Francisco Rodriguez Corredor
Hi all,

We're developing a PostAuthentication Plugin for OpenAM V10 and we want
to identify the SP which has invoked the SSO process. Is it possible to
get this property at runtime?

Thanks in advance.

--

Francisco Rodríguez Corredor
Dept. Sistemas de Información
Área Desarrollo SSII
Ud. Proyectos de SSII Horizontales
Sociedad Andaluza para el Desarrollo de las Telecomunicaciones, S.A.
Avda. Camino de los Descubrimientos, 17
Pabellón de Francia - PCT Cartuja
(Ver en Mapea: http://lajunta.es/11rmz)
41092 – Sevilla
Tf.: 671 590 066 - 690 066
[hidden email]



_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam


Re: SP identifier in PostAuthentication Plugin

Andy Cory-2
Given that you talk about Service Providers, is your post-auth plugin an implementation of the SAML federation-specific com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter? Or is it a more generic implementation of com.sun.identity.authentication.spi.AMPostAuthProcessInterface?

If it’s the first one, you can identify the remote SP via its entityID, which you can get in both the postSingleSignOnSuccess and postSingleSignOnFailure methods by doing something like:

       String samlEntityId = ssoResponse.getIssuer().getValue();

Andy


On 13/09/2016, 09:39, "[hidden email] on behalf of Francisco Rodriguez Corredor" <[hidden email] on behalf of [hidden email]> wrote:

    Hi all,

    we're developing a PostAuthentication Plugin for OpenAM V10 and we want
    to identify the SP which has invoked the SSO process, is it possible to
    get this property on runtime?

    Thanks in advance.


Re: SP identifier in PostAuthentication Plugin

Francisco Rodriguez Corredor
Hi Andy,

Thanks for your response. Unfortunately, my implementation is of
com.sun.identity.authentication.spi.AMPostAuthProcessInterface. Is it
possible to obtain SP information in my case?

Thanks in advance.



On 14/09/16 13:43, Andy Cory wrote:

> Given that you talk about Service Providers, is your post-auth plugin an implementation of the SAML federation-specific com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter? Or is it a more generic implementation of com.sun.identity.authentication.spi.AMPostAuthProcessInterface?
>
> If it’s the first one, you can identify the remote SP via its entityID, which you can get in both the postSingleSignOnSuccess and postSingleSignOnFailure methods by doing something like:
>
>         String samlEntityId = ssoResponse.getIssuer().getValue();
>
> Andy

Re: SP identifier in PostAuthentication Plugin

Andy Cory-2
Hi Francisco

I’ve never tried, I’m afraid. Looking at the signature of the methods, I can’t see that anything is passed in that may expose that information though. That’s not to say that someone else hasn’t worked out a way. Given you know you can get the information in a SAML2ServiceProviderAdapter, is there any scope for using that plug-in as well/instead?

--
Andy


On 14/09/2016, 12:51, "[hidden email] on behalf of Francisco Rodriguez Corredor" <[hidden email] on behalf of [hidden email]> wrote:

    Hi Andy,

    Thanks for your response. Unfortunately, my implementation is of
    com.sun.identity.authentication.spi.AMPostAuthProcessInterface. Is it
    possible to obtain SP information in my case?

    Thanks in advance.




Re: SP identifier in PostAuthentication Plugin

Jeffrey Goers
In reply to this post by Francisco Rodriguez Corredor
If you are talking about a SAML SP, and your OpenAM is the IDP, then I believe you would write an implementation of SAML2IdentityProviderAdapter and declare it in the OpenAM IDP config advanced panel for IDP adapter. You would have access to the SP and user session info.

jeff

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Francisco Rodriguez Corredor
Sent: Tuesday, September 13, 2016 4:39 AM
To: [hidden email]
Subject: [OpenAM] SP identifier in PostAuthentication Plugin

Hi all,

we're developing a PostAuthentication Plugin for OpenAM V10 and we want to identify the SP which has invoked the SSO process, is it possible to get this property on runtime?

Thanks in advance.

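In SAML 2.0 the SP names itself in the Issuer element of the AuthnRequest it sends to the IdP, and that entityID is the "SP identifier" this thread is after. The following is an added example, not code from the thread or from OpenAM: it uses only the JDK to decode an HTTP-Redirect binding SAMLRequest and read that value. The class name `SpIssuerDemo`, the helper `spEntityId` and the entityID `https://sp.example.org/metadata` are hypothetical, and the request is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class SpIssuerDemo {
    static final String ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Decode a Redirect-binding SAMLRequest (base64 of raw DEFLATE) and return the Issuer.
    // The value is only a claim until the request signature is checked against that SP's metadata.
    static String spEntityId(String samlRequest) throws Exception {
        Inflater inflater = new Inflater(true);            // true = raw DEFLATE, no zlib header
        inflater.setInput(Base64.getDecoder().decode(samlRequest));
        byte[] xml = new byte[64 * 1024];                  // hard cap on inflated size
        int len = inflater.inflate(xml);
        boolean complete = inflater.finished();
        inflater.end();
        if (!complete) throw new IllegalArgumentException("truncated or oversized SAMLRequest");
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        NodeList issuers = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml, 0, len))
            .getElementsByTagNameNS(ASSERTION_NS, "Issuer");
        if (issuers.getLength() != 1) throw new IllegalArgumentException("expected exactly one Issuer");
        return issuers.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample AuthnRequest; sp.example.org is a placeholder entityID.
        String authnRequest = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_constructed1\""
            + " Version=\"2.0\" IssueInstant=\"2016-09-13T09:39:00Z\">"
            + "<saml:Issuer>https://sp.example.org/metadata</saml:Issuer></samlp:AuthnRequest>";
        // Encode it the way an SP would for the Redirect binding (before URL-encoding).
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        deflater.setInput(authnRequest.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        byte[] buf = new byte[4096];
        int n = deflater.deflate(buf);
        deflater.end();
        String samlRequest = Base64.getEncoder().encodeToString(Arrays.copyOf(buf, n));
        System.out.println(spEntityId(samlRequest));
    }
}
```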