Question

我想将SSO集成到在Apache Tomcat上运行的camunda Webapp中。我已使用Ldap插件以及带有此guide的管理员授权插件启用了LDAP。现在启用SSO，我遵循此git repo提供的saml-client。但是我不知道在我的camunda应用程序中放置saml-client的位置，我应该实现Filter并将这些片段放入doFilter（）吗？像这样：

package my.domain.com.camunda.auth;

import static org.camunda.bpm.engine.authorization.Permissions.ACCESS;
import static org.camunda.bpm.engine.authorization.Resources.APPLICATION;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ServiceLoader;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.camunda.bpm.cockpit.Cockpit;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.rest.spi.ProcessEngineProvider;
import org.camunda.bpm.webapp.impl.security.SecurityActions;
import org.camunda.bpm.webapp.impl.security.SecurityActions.SecurityAction;
import org.camunda.bpm.webapp.impl.security.auth.Authentication;
import org.camunda.bpm.webapp.impl.security.auth.Authentications;
import org.camunda.bpm.webapp.impl.security.auth.UserAuthentication;

import com.coveo.saml.SamlClient;
import com.coveo.saml.SamlResponse;

/**
 * This security filter maps the user to the camunda user and group management
 *
 */
public class AuthenticationFilter implements Filter {

    private static final String[] APPS = new String[] { "cockpit", "tasklist" };
    private static final String APP_MARK = "/app/";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletReq, ServletResponse servletRes, FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest servletRequest = (HttpServletRequest) servletReq;
        final HttpServletResponse servletResponse = (HttpServletResponse) servletRes;

        SamlClient client = SamlClient.fromMetadata("MyRelyingPartyIdentifier",
                "http://some/url/that/processes/assertions", "<your.IDP.metadata.xml>");
        String encodedRequest = client.getSamlRequest();
        String idpUrl = client.getIdentityProviderUrl();
        // redirect to the identity provider, passing the encoded request with the
        // SAMLRequest form parameter.

//      String encodedResponse = servletRequest.getParameter("SAMLResponse");
//      SamlResponse response = client.decodeAndValidateSamlResponse(encodedResponse);
//      String authenticatedUser = response.getNameID();

        // To initiate the authentication exchange
        client.redirectToIdentityProvider(servletResponse, "");
        // To process the POST containing the SAML response
        SamlResponse response = client.processPostFromIdentityProvider(servletRequest);
    }

    @Override
    public void destroy() {

    }
}

我很困惑，因为这是我的第一个SSO实施。有人可以指导我吗？

如何使用流程引擎插件在Camunda中启用SSO

0 个答案: