Merlin Ho
We have a portal web site and need to do SSO with SBM. However, what it provides for SSO authentication does not belong to any of the third-party SSO authentication options provided by SBM. Therefore, I would like to make a middle-tier system, perhaps another web site, between the portal web site and SBM. What I am thinking of is using the custom HTTP header mentioned in the SBM installation guide to communicate with SBM. But I am stuck on redirecting to the SBM web page while providing the custom HTTP header, because it does not seem possible to ask the browser to make an HTTP request with a custom HTTP header while the middle-tier system does the redirect.

By the way, I was using ASP.NET to create the web site. Does anybody have experience with this, or with making a third-party authentication SSO provider application?

Any idea would be appreciated.

Thanks!
Responses (5)
  • Accepted Answer

    Monday, August 06 2018, 04:15 PM - #Permalink
    Hi Merlin,

    Are you just redirecting the user to the SBM server and want to log the user into SBM automatically based on the credentials entered at the portal? If so, how do you collect the credentials?

    David Goodale
  • Accepted Answer

    Merlin Ho
    Monday, August 06 2018, 09:31 PM - #Permalink
    Hi David,

    Yes, you are right. I just want to redirect to SBM with the credential entered at the portal. Actually, the portal sends an HTTP GET request with a string to me. When I receive the data, I can then call a web service on the portal with the data I received, and the user information is returned.


    Merlin Ho
  • Accepted Answer

    Tuesday, August 07 2018, 10:11 AM - #Permalink
    Hi Merlin,

    I think you are saying that the portal browser sends a request to the portal backend (you) with the user credential. You then log into SBM as that user, grab the data, and send it back to the portal. Correct?

    David
  • Accepted Answer

    Wednesday, August 08 2018, 11:30 AM - #Permalink
    Hi Merlin,

    Here are a couple of cases that you can use to authenticate to SBM, assuming that we are just taking an existing authentication to the portal and redirecting it to the SBM UI.

    Case 1.

    The portal is behind a proxy that requires authentication. The proxy sets a header on login and allows users to continue on to the portal. The user then clicks a link to open up SBM. Set SBM behind that same proxy so that SBM reads the header with the login ID and logs the user in using SBM's SSO third-party authentication (custom header).

    Case 2.

    The portal logs the user in with some sort of IDP that is not a proxy, but sets a cookie or some other session variable for the user on login. Set up SBM so that its federation server URL redirects the user to the IDP server for login. For example, if SBM's federation server URL is https://sbmserver/idp/login, override this URL to be https://idpserver/idp/login. Once the user logs in, a header is set and the URL is proxied to SBM so that it hits the SBM IDP with a header set. The user gets logged in using SBM's SSO third-party authentication (custom header).

    Case 3.

    The portal uses an IDP that is SAML2 capable. Make SBM use that same IDP using SBM's SSO third-party authentication (SAML2).

    I hope this helps.

    Regards,
    David Goodale
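
Cases 1 and 2 both rely on a proxy in the request path adding the login header server-side, which is also why a browser redirect cannot carry it. The following is an added sketch (not from the thread and not SBM code) of the two checks that make such a header trustworthy; the header name `X-Portal-User`, the proxy address and the function names are assumptions.

```python
import ipaddress

# Hypothetical values: use the header name SBM is configured to read and the
# real address of the authenticating proxy.
IDENTITY_HEADER = "X-Portal-User"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed address


def _canon(name):
    """Fold case and '_'/'-' so 'x_portal_user' cannot shadow 'X-Portal-User'."""
    return name.strip().lower().replace("_", "-")


def build_upstream_headers(client_headers, authenticated_user):
    """Proxy side: drop every client-supplied copy of the identity header,
    then set it from the session the proxy itself authenticated."""
    if not authenticated_user or any(c in authenticated_user for c in "\r\n"):
        raise PermissionError("no authenticated session; do not forward")
    upstream = [(k, v) for k, v in client_headers
                if _canon(k) != _canon(IDENTITY_HEADER)]
    upstream.append((IDENTITY_HEADER, authenticated_user))
    return upstream


def accept_identity(peer_ip, headers):
    """Models the rule in front of the backend: honour the header only on
    connections from the proxy, and only when exactly one copy is present."""
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in TRUSTED_PROXIES):
        return None
    values = [v for k, v in headers if _canon(k) == _canon(IDENTITY_HEADER)]
    return values[0] if len(values) == 1 else None


if __name__ == "__main__":
    # Constructed request: the browser supplies the identity header itself.
    from_browser = [("Host", "sbmserver"), ("x_portal_user", "mallory"),
                    ("X-Portal-User", "mallory")]
    forwarded = build_upstream_headers(from_browser, "alice")
    print(forwarded)
    print(accept_identity("10.0.0.5", forwarded))
    print(accept_identity("203.0.113.9", forwarded))
```

In a real deployment the second function corresponds to network or web-server rules that make SBM reachable only through the proxy, since anything that can reach SBM directly can set the header itself.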
  • Accepted Answer

    Merlin Ho
    Monday, August 13 2018, 04:29 AM - #Permalink
    Hi David,

    It seems Case 2 suits me. However, I have some questions and need your help.

    You said to override the federation URL to https://idpserver/idp/login. My first question is: where is the setting in SBM where I can make that change? The second question is: how does SBM know the user has been authenticated? Is just preparing the custom header enough? The last question: when I go to the URL http://localhost:8085/idp/ on my SBM server, it is redirected to the URL ‘https://hostname/idp/sso/saml’. Of course, there is no web server named ‘hostname’, and a page-not-found error is shown. It seems like a setting is incorrect. Do you know where the setting is?

    Thanks for your help.

    Regards,
    Merlin Ho