The two methods for retrieving authentication information can be combined: reading a value directly from the SSO response, and computing it with a JavaScript function.
The following example assumes that the SSO provider returned values, some of which can be read as-is and some of which have to be computed.
The two methods for retrieving authentication information can be combined: reading a value directly from the SSO response, and computing it with a JavaScript function.
The following example assumes that the SSO provider returned values, some of which can be read as-is and some of which have to be computed.
Example of a response from the SSO provider
name_id: 7f44d40ff8ff8018bd488addc17df599ed0f1052
{
"firstName": ["Peter"],
"lastName": ["MacFergus"],
"mail": ["peter.macfergus@myfunnyworld.com"],
"job": ["Happiness Manager"],
"login": ["pmacfergus"],
"nameId": ["7f44d40ff8ff8018bd488addc17df599ed0f1052"]
}
Example of the authentication.js file to retrieve SSO provider data
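The authentication.js file contains the JavaScript functions that extract or compute individual pieces of information from the SSO response. Each function receives the name_id and the attributes object shown above, in which every attribute is an array of values.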
/**
 * Build the display name shown for the authenticated user.
 *
 * Reads the first value of the `firstName` and `lastName` attributes and
 * joins them with a single space. Both attributes are dereferenced without
 * a guard, so a response that lacks either one makes this function throw.
 *
 * @param {string} name_id - Identifier returned by the SSO provider (unused here).
 * @param {Object} attributes - Attributes of the SSO response; each value is an array.
 * @returns {string} "<first name> <last name>".
 */
function compute_display_name(name_id, attributes) {
  var givenName = attributes.firstName[0];
  var familyName = attributes.lastName[0];
  return givenName + ' ' + familyName;
}
/**
 * Return the user's e-mail address from the SSO response.
 *
 * Only the first value of the `mail` attribute is used. The attribute is
 * dereferenced without a guard, so a response without `mail` makes this
 * function throw.
 *
 * @param {string} name_id - Identifier returned by the SSO provider (unused here).
 * @param {Object} attributes - Attributes of the SSO response; each value is an array.
 * @returns {string} First entry of `attributes.mail`.
 */
function get_mail(name_id, attributes) {
  var addresses = attributes.mail;
  return addresses[0];
}
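/**
 * Derive the user's groups from the SSO response.
 *
 * This function makes an authorization decision, so it fails closed: any
 * response whose first `login` value is not exactly the expected string
 * yields no groups, including a response with no `login` attribute at all.
 *
 * @param {string} name_id - Identifier returned by the SSO provider (unused here).
 * @param {Object} attributes - Attributes of the SSO response; each value is an array.
 * @returns {string[]} Group names granted to the user, or an empty array.
 */
function compute_groups(name_id, attributes) {
  var logins = attributes ? attributes.login : null;
  var login = logins ? logins[0] : null;

  // Strict comparison: with `==`, a non-string value that merely coerces to
  // the same text (for example a nested array) would also be granted the groups.
  // NOTE(review): if the host hands over string wrapper objects rather than
  // primitive strings, confirm that this comparison still matches.
  if (login === 'pmacfergus') {
    return ['Managers', 'Human Resources Agents'];
  }

  return [];
}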
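Example of a conf.json file using SSO provider data
Values starting with $ are placeholders to be replaced with deployment-specific values; keep the keystore and private-key passwords out of shared or version-controlled copies of this file.
Note: this configuration names compute_roles as rolesReaderFunction, whereas the authentication.js example above defines compute_groups and no compute_roles. A function named in a ...ReaderFunction key presumably has to be defined in authentication.js, so check that the names match.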
"ui": {
...
"authentication": {
"realms": [
{
"name": "$SAML_NAME_EXAMPLE",
"type": "saml2",
"configuration": {
"name": "$SAML_NAME_EXAMPLE",
"keystoreFile": "saml/keystore.jks",
"keystorePassword": "$KEYSTORE_PASSWORD",
"privateKeyPassword": "$PRIVATE_KEY_PASSWORD",
"entityId": "http://$HOSTNAME/$TENANT_ID/",
"idpMetadataFile": "saml/idp_metadata.xml",
"idPropertyKey": "nameId",
"nameReaderFunction": "compute_display_name",
"mailReaderFunction": "get_mail",
"groupsPropertyKey": "job",
"rolesReaderFunction": "compute_roles",
"maxAuthenticationLifetime": "$NUMERICAL_VALUE"
}
}
]
}
...
},