Discussion:
JavaScript Connector that authenticates with web server using SAMLv2 IdP-initiated SSO?
Brian Laskey
2019-10-16 15:00:53 UTC
We have some existing TDI JavaScript-based connectors which integrate via REST API to an application on a WebSphere app server. In some cases the server may be configured to use SAMLv2 SSO authentication, rather than our default authentication. Currently the server is responding to our requests with 302 redirects to the IdP to perform a login.

Was wondering whether there is any guidance on feasibility of creating something in the connector that can authenticate with SAMLv2? Are there any examples for this? JavaScript/Node does have some open-source packages which might support this method, but not sure if that's something you can easily integrate with a TDI connector?

We are currently trying to use SDI 7.2.0.3
SAML IdP is ADFS (in this case)
Eddie Hartman
2019-10-20 20:22:54 UTC
Hi Brian,

I have passed to my go-to guys, but have not received an answer yet. Keep pestering me! Or perhaps we need a webex session to figure it out together :)

/Eddie
Karl Prinelle
2019-11-28 22:12:33 UTC
We're using a script connector to work with a REST API and handle the expiry of the access_token and renewal using the refresh_token or re-login if the refresh_token has expired.

We have just written that logic in the script connector. Obviously different, but the principle is that you have an httpConnector, call .queryReply on it and you will get a 302 back, then programmatically you can re-issue the .queryReply to complete the SSO process through however many redirects you get.

i.e.

var httpConnector = system.getConnector("ibmdi.HTTPClient");
var responseEntry = httpConnector.queryReply(payloadEntry);
var httpResponseCode = responseEntry["http.responseCode"];
if (httpResponseCode == 302) {
    // get the redirect, configure the httpConnector and call .queryReply again
}
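The redirect-following loop described in the reply above, as an added example that is not part of the original thread and is not TDI code: it goes beyond the 302 case to the other redirect status codes and adds the checks a client that follows redirects itself should make (HTTPS only, an allow-list of expected SP and IdP hosts, loop detection, a hop limit). The `send` callback is a hypothetical stand-in for the connector call, and the host names and responses are constructed so the block runs offline under Node.

```javascript
// Added example, plain JavaScript (runs under Node). `send` is a hypothetical
// callback standing in for the connector call: it takes a URL string and
// returns { code, location }. Host names and routes below are constructed.
var ALLOWED_HOSTS = ["app.example.test", "adfs.example.test"];
var REDIRECT_CODES = [301, 302, 303, 307, 308];
var MAX_HOPS = 10;

function followRedirects(startUrl, send) {
  var url = new URL(startUrl);
  var seen = {};
  for (var hop = 0; hop <= MAX_HOPS; hop++) {
    // Check every hop before any request (and any credential) is sent to it.
    if (url.protocol !== "https:") throw new Error("non-HTTPS hop: " + url.href);
    if (ALLOWED_HOSTS.indexOf(url.hostname) === -1)
      throw new Error("unexpected host: " + url.hostname);
    if (seen[url.href]) throw new Error("redirect loop at " + url.href);
    seen[url.href] = true;

    var res = send(url.href);
    var code = Number(res.code);
    if (REDIRECT_CODES.indexOf(code) === -1)
      return { url: url.href, code: code, hops: hop };
    if (!res.location) throw new Error("redirect without Location");
    url = new URL(res.location, url); // resolves relative Location values
  }
  throw new Error("more than " + MAX_HOPS + " redirects");
}

// Constructed responses so the example runs offline.
var SAMPLE_ROUTES = {
  "https://app.example.test/api/items":
    { code: 302, location: "https://adfs.example.test/sso/login" },
  "https://adfs.example.test/sso/login":
    { code: 302, location: "https://app.example.test/sso/acs" },
  "https://app.example.test/sso/acs":
    { code: 302, location: "/api/items?authed=1" },
  "https://app.example.test/api/items?authed=1": { code: 200 }
};

function fakeSend(routes) {
  return function (url) { return routes[url] || { code: 404 }; };
}

console.log(followRedirects("https://app.example.test/api/items",
                            fakeSend(SAMPLE_ROUTES)));
```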