
    How to implement Single Sign On Redirect

    I am working with WSO2 Identity Manager (IM) to implement Single Sign On.

    The workflow is:
    1. User logs on with userid/password
    2. Server application creates an authorization message and redirects the web browser to the WSO2 IM
    3. The IM responds with an authorization message
    4. If authorization is validated the server application allows the user to proceed.

    This workflow is documented in a web page-based application with the following code snippet:

    Code:
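    import java.io.IOException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class Resource extends HttpServlet
    {
         // SamlConsumer is the helper class used by the documented application; it is not shown here
         private static SamlConsumer consumer = new SamlConsumer();

         // Step 2: build the authorization request and redirect the browser to the IM
         public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
         {
                 String requestMessage = consumer.buildRequestMessage();
                 response.sendRedirect(requestMessage);
         }

         // Step 3: the IM posts its SAMLResponse back to this servlet
         public void doPost(HttpServletRequest request, HttpServletResponse response)
         {
                 String responseMessage = request.getParameter("SAMLResponse");
                 // Return type is not shown in the snippet, so it is held as Object here
                 Object result = consumer.processResponseMessage(responseMessage);
         }
    }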
    Since I am using SmartGWT, my login is a SmartGWT application running in the browser. A login request results in an RPC request.

    My questions:
    1. Using SmartGWT, how do I redirect the browser with the SAML authentication message? Do I return the authorization request message to the SmartGWT application from the RPC and use Window.Location.replace(location)?
    2. If I do #1 how do I get the result of the post from the IM?

    #2
    Please take a look at the section on Authentication and Relogin in the QuickStart Guide. First of all, if it's not too late, just use a simple HTML login page rather than one based on SmartGWT widgets, as we recommend for reasons explained in the QuickStart.

    If you're stuck with your current design, you should send back an RPCResponse that has either a status code or data in it that your client-side code can detect, and then use Window.location.replace(), as you mentioned.

    It's not really clear to us what you mean by the second question - once you've done that window.location.replace() you seem to be in the same situation as any normal HTML login page.

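A client-side sketch of the approach in reply #2, added here as an example and not code from either poster or from the SmartGWT or WSO2 projects. It assumes the login servlet writes the URL from `buildRequestMessage()` into the response body instead of calling `sendRedirect()` (a redirect answered to a background request does not navigate the page); `SsoLogin`, `LOGIN_URL` and `IDP_PREFIX` are hypothetical names and placeholder values.

```java
import com.google.gwt.user.client.Window;
import com.smartgwt.client.rpc.RPCCallback;
import com.smartgwt.client.rpc.RPCManager;
import com.smartgwt.client.rpc.RPCRequest;
import com.smartgwt.client.rpc.RPCResponse;
import com.smartgwt.client.util.SC;

public class SsoLogin {
    // Assumption: the only location the IM is served from (placeholder value).
    // The trailing slash keeps look-alike hosts such as idp.example.com.attacker.test out.
    static final String IDP_PREFIX = "https://idp.example.com/";

    // Assumption: servlet URL that returns the SAML request URL as plain text.
    static final String LOGIN_URL = "/resource";

    public static void start() {
        RPCRequest req = new RPCRequest();
        req.setActionURL(LOGIN_URL);
        req.setHttpMethod("GET");
        req.setUseSimpleHttp(true); // plain HTTP call; rawData is the response body

        RPCManager.sendRequest(req, new RPCCallback() {
            public void execute(RPCResponse response, Object rawData, RPCRequest request) {
                String target = rawData == null ? "" : rawData.toString().trim();

                // Navigate only when the call succeeded and the URL points at the
                // expected IM, so a tampered or unexpected response cannot send
                // the user to an arbitrary site.
                if (response.getStatus() != RPCResponse.STATUS_SUCCESS || !isIdpUrl(target)) {
                    SC.warn("Single sign-on is unavailable.");
                    return;
                }

                // Full-page navigation: from here on the flow is the same as for
                // a plain HTML login page.
                Window.Location.replace(target);
            }
        });
    }

    // Accept only URLs that start with the configured IM location.
    static boolean isIdpUrl(String url) {
        return url.startsWith(IDP_PREFIX);
    }
}
```

After the navigation, the IM's reply reaches the servlet's `doPost` as an ordinary browser form post rather than as an RPC response, so the servlet can validate it and then send the browser back to the application page.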