SAML Profile Retrieval Mixing Reading and Computing - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system: Debian
Category: Reference Guides
Audience: public
Version: 3.7

It is possible to mix the two retrieval methods, reading a value directly from an attribute of the SSO response and computing it with a JavaScript function, to build the authentication information of a user. In the realm configuration, a key ending in PropertyKey names an attribute to read, and a key ending in ReaderFunction names a function defined in authentication.js.

The following example assumes that the SSO provider returned values of which some can be read directly and others must be computed.

Example of a response from the SSO provider

  • NameID

    name_id: 7f44d40ff8ff8018bd488addc17df599ed0f1052

  • Attributes

    {
        "firstName": ["Peter"],
        "lastName": ["MacFergus"],
        "mail": ["peter.macfergus@myfunnyworld.com"],
        "job": ["Happiness Manager"],
        "login": ["pmacfergus"],
        "nameId": ["7f44d40ff8ff8018bd488addc17df599ed0f1052"]
    }

Example of the authentication.js file to retrieve SSO provider data

The authentication.js file gathers the JavaScript functions that extract partial information from the SSO response. Each function receives the NameID as name_id and the attribute map as attributes; every attribute value is an array, so the first value is read with [0].

  • The following function computes the user display_name parameter:

    function compute_display_name(name_id, attributes) {
        // Concatenate the first value of firstName and lastName.
        return attributes.firstName[0] + ' ' + attributes.lastName[0];
    }

  • The following function gets the user email:

    function get_mail(name_id, attributes) {
        return attributes.mail[0];
    }

  • The following function computes the user roles (in conf.json it is referenced by rolesReaderFunction, while groups are read directly from the job attribute through groupsPropertyKey):

    function compute_roles(name_id, attributes) {
        // Roles are granted from the login asserted by the IdP.
        if (attributes.login[0] === 'pmacfergus') {
            return ['Managers', 'Human Resources Agents'];
        }
        return [];
    }

Example of a conf.json file using SSO provider data

  • The following example shows how conf.json references these functions. idPropertyKey and groupsPropertyKey read the nameId and job attributes directly, while nameReaderFunction, mailReaderFunction and rolesReaderFunction name functions defined in authentication.js:

    "ui": {
        ...
        "authentication": {
            "realms": [
                {
                    "name": "$SAML_NAME_EXAMPLE",
                    "type": "saml2",
                    "configuration": {
                        "name": "$SAML_NAME_EXAMPLE",
                        "keystoreFile": "saml/keystore.jks",
                        "keystorePassword": "$KEYSTORE_PASSWORD",
                        "privateKeyPassword": "$PRIVATE_KEY_PASSWORD",
                        "entityId": "http://$HOSTNAME/$TENANT_ID/",
                        "idpMetadataFile": "saml/idp_metadata.xml",
                        "idPropertyKey": "nameId",
                        "nameReaderFunction": "compute_display_name",
                        "mailReaderFunction": "get_mail",
                        "groupsPropertyKey": "job",
                        "rolesReaderFunction": "compute_roles",
                        "maxAuthenticationLifetime": "$NUMERICAL_VALUE"
                    }
                }
            ]
        }
        ...
    },

Each ReaderFunction value must match the name of a function defined in authentication.js. $KEYSTORE_PASSWORD and $PRIVATE_KEY_PASSWORD are placeholders: supply the actual secrets from the deployment's secret store rather than writing them into a conf.json that is committed to version control.
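The following script is an added example, not code from Fluid Topics or from this page. It runs hardened versions of the three reader functions against the sample response and shows how a realm configuration that mixes PropertyKey and ReaderFunction entries resolves into one user profile. The resolveProfile and resolveField helpers, the rule that a ReaderFunction takes precedence when both a key and a function are set for the same field, and the defensive first() helper are assumptions made for this example; the actual Fluid Topics resolver is not described on the page. The reader functions are written so that an attribute the IdP omits yields a fallback instead of a TypeError, and a ReaderFunction name that does not exist in authentication.js is reported explicitly.

```javascript
// Added example (not Fluid Topics code). Resolves a user profile from a SAML
// response by mixing "reading" (a *PropertyKey entry names an attribute) and
// "computing" (a *ReaderFunction entry names a function from authentication.js).
// resolveField/resolveProfile and their precedence rule are assumptions.

// Constructed SAML response, copied from the example on the page.
const SAML_RESPONSE = {
  name_id: '7f44d40ff8ff8018bd488addc17df599ed0f1052',
  attributes: {
    firstName: ['Peter'],
    lastName: ['MacFergus'],
    mail: ['peter.macfergus@myfunnyworld.com'],
    job: ['Happiness Manager'],
    login: ['pmacfergus'],
    nameId: ['7f44d40ff8ff8018bd488addc17df599ed0f1052'],
  },
};

// First value of a multi-valued attribute, or undefined when the IdP did not
// send it. attributes.x[0] would throw a TypeError on a missing attribute.
function first(attributes, key) {
  const values = attributes[key];
  return Array.isArray(values) && values.length > 0 ? values[0] : undefined;
}

// Hardened equivalents of the functions in authentication.js.
const readers = {
  compute_display_name(name_id, attributes) {
    const parts = [first(attributes, 'firstName'), first(attributes, 'lastName')]
      .filter((p) => typeof p === 'string' && p.trim() !== '');
    return parts.length > 0 ? parts.join(' ') : name_id; // fall back to the NameID
  },
  get_mail(name_id, attributes) {
    const mail = first(attributes, 'mail');
    return typeof mail === 'string' ? mail.trim().toLowerCase() : undefined;
  },
  compute_roles(name_id, attributes) {
    // Decide on the login asserted by the IdP, not on anything the client sent.
    if (first(attributes, 'login') === 'pmacfergus') {
      return ['Managers', 'Human Resources Agents'];
    }
    return [];
  },
};

// The profile-retrieval keys of the realm configuration shown in conf.json.
const PROFILE_CONFIG = {
  idPropertyKey: 'nameId',
  nameReaderFunction: 'compute_display_name',
  mailReaderFunction: 'get_mail',
  groupsPropertyKey: 'job',
  rolesReaderFunction: 'compute_roles',
};

// Resolve one profile field. A *ReaderFunction wins over a *PropertyKey when
// both are set (assumed rule); an unknown function name is an error rather
// than a silently empty value.
function resolveField(field, config, response, multi) {
  const fn = config[`${field}ReaderFunction`];
  const key = config[`${field}PropertyKey`];
  if (fn !== undefined) {
    if (typeof readers[fn] !== 'function') {
      throw new Error(`${field}ReaderFunction "${fn}" is not defined in authentication.js`);
    }
    return readers[fn](response.name_id, response.attributes);
  }
  if (key !== undefined) {
    const values = response.attributes[key];
    if (multi) return Array.isArray(values) ? values.slice() : [];
    return first(response.attributes, key);
  }
  return multi ? [] : undefined;
}

// Build the full profile: id, name and mail are single values, groups and
// roles are lists.
function resolveProfile(config, response) {
  return {
    id: resolveField('id', config, response, false),
    name: resolveField('name', config, response, false),
    mail: resolveField('mail', config, response, false),
    groups: resolveField('groups', config, response, true),
    roles: resolveField('roles', config, response, true),
  };
}

console.log(resolveProfile(PROFILE_CONFIG, SAML_RESPONSE));
```

Run it with node: the sample response resolves to the Peter MacFergus profile, with groups read from the job attribute and roles computed from the login. Replacing the attributes with a sparse map (for example only login) exercises the fallbacks: the display name degrades to the NameID, mail becomes undefined and both lists are empty, instead of the TypeError the original one-liners would raise.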