Hi Shaun, Mark has some good suggestions. I'll also add that (obviously) you need to list your Plugin in the "plugin.sequence.org.dspace.authenticate.AuthenticationMethod" configuration, for it to be picked up & recognized.
Also, just a sidenote... have you tried using our Shibboleth Plugin with your SAML authentication? I know Shibboleth is not exactly the same as SAML, but it is an implementation of SAML. At the very least, you might be able to look closely at the Shibboleth Plugin to see how it does things (and do the same things for your SAML plugin): https://wiki.duraspace.org/display/DSDOC5x/Authentication+Plugins#AuthenticationPlugins-ShibbolethAuthentication Good luck, Tim On Thu, Oct 4, 2018 at 9:31 AM Mark H. Wood <[email protected]> wrote: > On Thursday, October 4, 2018 at 4:29:42 AM UTC-4, Shaun Donovan wrote: >> >> I am struggling to write a SAML authentication plugin. I have tried to >> make sense of the documentation regarding this, but cannot get it to work. >> >> Basically, I write an implementation of AuthenticationMethod, and >> configure DSpace to use it. So far so good, I can see that my code is being >> accessed when I click on "Login". The only code accessed is method >> getSpecialGroups() and loginPageURL() >> >> However, the "authenticate" method is never called through the process, >> and DSpace responds with "No Authentication Method Found" (if method >> "loginPageUrl" returns null). >> >> If I set method "loginPageUrl" to return a string (for example >> request.getContextPath() +"/saml-login"), I simply get a "Page Not Found", >> so somewhere I am missing a mapping that tells the authentication process >> to access my "authenticate" method through a different URL? >> >> In AuthenticationServiceImpl.java I see that the authentication process >> iterates through the stackable list of AuthenticationMethods and calls >> their "authenticate" method, but then why does it not call mine? >> >> > > loginPageUrl() returns the URI for the page to which the user should be > sent in order to collect credentials for validation. It could be a DSpace > page (and you would need to create that page) or it could go off to some > other service which eventually returns to DSpace (which seems likely for > SAML). At some point, having authenticated the user's credentials, the > specific authentication plugin will call > AuthenticationService.authenticate() or .authenticateImplicit(), which > calls authenticate() on all stacked 'AuthenticationMethod's. > > For example, here we have a plugin that returns a URI to our CAS service > as loginPageUrl, adding the return-to-DSpace URI that CAS needs. The > service bounces the user back to DSpace, adding a service ticket to the > request. The return URI that we supply is mapped to an XMLUI Action we > wrote, which validates the ticket, maps it to a DSpace EPerson, and calls > AuthenticationService.authenticate(), which calls our > AuthenticationMethod.authenticate() (and others'). > > So a complete authentication plugin has several parts: > > o an implementation of AuthenticationMethod; > o UI code to collect user credentials (if needed); > o UI code to validate a user's identity with a DSpace EPerson and call > AuthenticationService to complete session creation. > > -- > All messages to this mailing list should adhere to the DuraSpace Code of > Conduct: https://duraspace.org/about/policies/code-of-conduct/ > --- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- Tim Donohue Technical Lead for DSpace & DSpaceDirect DuraSpace.org | DSpace.org | DSpaceDirect.org -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
