Re: Ofbiz integration with Azure AD SSO

2020-03-26 Thread Michael Brohl

Hi Vipin,

we have implemented an SSO integration via SAML2 with Azure for a portal 
solution and several subsystems based on OFBiz recently.


The solution mainly consists of

* a SAML API implementation using the OneLogin SAML API

* this was modified to make use of the internal OFBiz login service for 
the local OFBiz webapp login


* the integration happens using the OFBiz login extension mechanism
(which we also have improved for dealing with logout) by an 
implementation of org.apache.ofbiz.webapp.control.LoginCheck to hook 
into LoginWorker.extensionCheckLogin for webapp specific external SAML2 
authentication


* the SAML SSO login can be configured/activated per webapp


You will still need an OFBiz user for the use of your application, if it 
is not to be used anonymously.



Hope that helps, best regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 23.03.20 at 11:14, vipin nirwal wrote:

Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know, how can I achieve this?


Thank you in advance.







Re: Ofbiz integration with Azure AD SSO

2020-03-25 Thread vipin nirwal
Thanks Jacques and Jason.
I will go through as recommended by both of you. Will share if I find some
other way.

Thanks,
Vipin

On Wed, Mar 25, 2020 at 4:22 PM Jason RJ wrote:

> It might also be worth taking a look at the Microsoft Azure AD Integration
> guide [1] for general guidance on integrating with a Java app.
>
> Sample code is included.
>
> Jason
>
> [1]
> https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/
>
> On 25/03/2020 10:28, Jacques Le Roux wrote:
> Hi Vipin,
>
> I don't know anything about Azure SSO and the documentation is sparse.
>
> It's based on a federation like SAML[2], but according to [1] it has not
> been tested with SAML.
> If it was you could have used Shibboleth[3]. You could try at your own
> risk (spend money for nothing), nothing is guaranteed. It seems only
> commercial products have been tested.
>
> So I have no ideas about it and that's all I can say.
>
> This said how do you call OFBiz? If you use simple URLs you could use a
> degraded mode where you send the parameters in the URL like:
>
> webtools/control/login?USERNAME=admin=ofbiz=Y
>
> Of course it's not recommended because unsafe (can be intercepted by a Man
> in the Middle). But if you are in a safe network, why not?
>
> [1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
> [2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
> [3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)
>
> Jacques
>
> On 23/03/2020 at 11:14, vipin nirwal wrote:
> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO
> only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know, how can I achieve this?
>
>
> Thank you in advance.
>
>

-- 
Thanks & Regards
Vipin Nirwal


Re: Ofbiz integration with Azure AD SSO

2020-03-25 Thread Jason RJ
It might also be worth taking a look at the Microsoft Azure AD Integration 
guide [1] for general guidance on integrating with a Java app.

Sample code is included.

Jason

[1] 
https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/

On 25/03/2020 10:28, Jacques Le Roux wrote:
Hi Vipin,

I don't know anything about Azure SSO and the documentation is sparse.

It's based on a federation like SAML[2], but according to [1] it has not been 
tested with SAML.
If it was you could have used Shibboleth[3]. You could try at your own risk 
(spend money for nothing), nothing is guaranteed. It seems only commercial 
products have been tested.

So I have no ideas about it and that's all I can say.

This said how do you call OFBiz? If you use simple URLs you could use a 
degraded mode where you send the parameters in the URL like:

webtools/control/login?USERNAME=admin=ofbiz=Y

Of course it's not recommended because unsafe (can be intercepted by a Man in the 
Middle). But if you are in a safe network, why not?

[1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
[2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)

Jacques

On 23/03/2020 at 11:14, vipin nirwal wrote:
Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know, how can I achieve this?


Thank you in advance.



Re: Ofbiz integration with Azure AD SSO

2020-03-25 Thread Jacques Le Roux

Hi Vipin,

I don't know anything about Azure SSO and the documentation is sparse.

It's based on a federation like SAML[2], but according to [1] it has not been 
tested with SAML.
If it was you could have used Shibboleth[3]. You could try at your own risk 
(spend money for nothing), nothing is guaranteed. It seems only commercial 
products have been tested.


So I have no ideas about it and that's all I can say.

This said how do you call OFBiz? If you use simple URLs you could use a 
degraded mode where you send the parameters in the URL like:

webtools/control/login?USERNAME=admin=ofbiz=Y

Of course it's not recommended because unsafe (can be intercepted by a Man in the 
Middle). But if you are in a safe network, why not?

[1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
[2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)

Jacques

On 23/03/2020 at 11:14, vipin nirwal wrote:

Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know, how can I achieve this?


Thank you in advance.
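
A defensive check related to the URL-parameter login mentioned in this thread, as an added example that is not part of any poster's message or of OFBiz: credentials sent in a query string are recorded in web server access logs, so this scans log lines for them and redacts the values. The log lines are constructed samples, and treating PASSWORD as a credential parameter is an assumption (only USERNAME appears in the thread's URL).

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: parameter names treated as credentials. USERNAME is taken from the
# thread's URL; PASSWORD is assumed and should be matched to your login form.
CREDENTIAL_PARAMS = {"USERNAME", "PASSWORD"}

# Request field of the common/combined log format: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP range, fake values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2020:10:30:01 +0000] "GET /webtools/control/login'
    '?USERNAME=sample-user&PASSWORD=sample-secret HTTP/1.1" 200 5120',
    '192.0.2.10 - - [25/Mar/2020:10:30:05 +0000] "POST /webtools/control/login HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Mar/2020:10:31:00 +0000] "GET /webtools/control/main'
    '?username=sample-user HTTP/1.1" 200 900',
    '192.0.2.12 - - [25/Mar/2020:10:32:00 +0000] "GET /catalog/control/main?productId=X1 HTTP/1.1" 200 900',
]

def credential_params_in(target):
    """Return the sorted credential parameter names found in the query string."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({name.upper() for name, _ in pairs} & CREDENTIAL_PARAMS)

def redact_target(target):
    """Replace the values of credential parameters, keep everything else."""
    parts = urlsplit(target)
    pairs = [(k, "[REDACTED]" if k.upper() in CREDENTIAL_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs, safe="[]")).geturl()

def scan(lines):
    """Report log lines whose request URL carries credential parameters."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match["target"]
        params = credential_params_in(target)
        if params:
            findings.append({"line": lineno, "method": match["method"], "params": params,
                             "redacted": line.replace(target, redact_target(target))})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["line"], finding["params"], finding["redacted"])
```
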