Spring Boot-Embedded Camunda Single Sign-on With SAML IDP Provider
From flow chart to implementation.
Single sign-on flow:
- The user tries to access the Camunda web apps.
- The Camunda app detects that the user has not logged into the IDP, creates a SAML authentication request, and redirects the user to the IDP.
- The user enters credentials at the IDP. After a successful login, the IDP sends a SAML response to Camunda.
- The app parses the response, sets the authenticated user in the Spring Security context, and passes control to the Camunda authentication filter.
- The Camunda custom authentication provider takes the authenticated user's details, such as name and groups, and passes them on to the Camunda authorization service.
- The Camunda authorization service opens the welcome page based on the user's roles.
To achieve SSO, we should use Spring Security so that the Spring framework handles the authentication and passes the authenticated user on to Camunda.
We only need to add the ContainerBasedAuthenticationFilter that ships with the Camunda product and provide a custom authentication provider.
A class that implements the org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider interface supplies the authenticated user's details to Camunda.
I used OneLogin as the IDP, created a trial account at https://www.onelogin.com/free-trial, and set up the application. Then I downloaded metadata.xml and placed it in the resources directory.
Spring Security implementation to connect to the IDP:
Container-based authentication filter implementation:
SAML user service:
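The three pieces named above (the Spring Security SAML configuration, the ContainerBasedAuthenticationFilter registration, and the custom AuthenticationProvider) wired together in one Spring Boot configuration class. This is an added example, not the article's own code: it assumes Spring Boot 2.x with Spring Security 5.4 or later (the built-in `saml2Login()` support, which is what reads `metadata.xml` here) and the Camunda Spring Boot webapp starter. The package name, the registration id `onelogin`, the `/camunda/app/*` URL pattern, and the `memberOf` attribute used to carry group membership are assumptions that depend on your project and on how the IDP maps attributes.

```java
// Added example (not from the article): SAML login via Spring Security, the Camunda
// ContainerBasedAuthenticationFilter, and a custom AuthenticationProvider in one file.
// Assumes Spring Boot 2.x, Spring Security 5.4+ and camunda-bpm-spring-boot-starter-webapp.
package com.example.sso; // hypothetical package

import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;
import org.camunda.bpm.webapp.impl.security.auth.ContainerBasedAuthenticationFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

@Configuration
@EnableWebSecurity
public class SamlSsoConfig extends WebSecurityConfigurerAdapter {

    // 1. Spring Security: build the SP registration from the IDP metadata in src/main/resources.
    //    The IDP signing certificate inside metadata.xml is what Spring uses to verify responses.
    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        RelyingPartyRegistration onelogin = RelyingPartyRegistrations
                .fromMetadataLocation("classpath:metadata.xml")
                .registrationId("onelogin") // assumed id; becomes part of the ACS URL
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(onelogin);
    }

    // Every request needs an authenticated user; anyone without one is redirected to the IDP.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a.anyRequest().authenticated())
            .saml2Login();
    }

    // 2. Camunda's filter, pointed at the provider below by class name. It is ordered after the
    //    Spring Security filter chain so the SecurityContext is already populated when it runs.
    @Bean
    public FilterRegistrationBean<ContainerBasedAuthenticationFilter> camundaAuthFilter() {
        FilterRegistrationBean<ContainerBasedAuthenticationFilter> reg = new FilterRegistrationBean<>();
        reg.setFilter(new ContainerBasedAuthenticationFilter());
        reg.addInitParameter("authentication-provider", SamlAuthenticationProvider.class.getName());
        reg.addUrlPatterns("/camunda/app/*"); // assumed default webapp path
        reg.setOrder(Ordered.LOWEST_PRECEDENCE);
        return reg;
    }

    // 3. The SAML user service: reads the principal Spring Security verified and hands
    //    user id and groups to Camunda. Public static with a no-arg constructor because the
    //    filter instantiates it reflectively by class name.
    public static class SamlAuthenticationProvider implements AuthenticationProvider {

        // SAML attribute carrying group names (assumed; depends on the IDP attribute mapping)
        private static final String GROUP_ATTRIBUTE = "memberOf";

        @Override
        public AuthenticationResult extractAuthenticatedUser(HttpServletRequest request, ProcessEngine engine) {
            // Only the server-side SecurityContext is consulted; nothing in the request itself is trusted.
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (auth == null || !auth.isAuthenticated()
                    || !(auth.getPrincipal() instanceof Saml2AuthenticatedPrincipal)) {
                return AuthenticationResult.unsuccessful();
            }
            Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) auth.getPrincipal();
            AuthenticationResult result = AuthenticationResult.successful(principal.getName());

            List<Object> raw = principal.getAttribute(GROUP_ATTRIBUTE);
            List<String> groups = raw == null
                    ? Collections.<String>emptyList()
                    : raw.stream().map(String::valueOf).collect(Collectors.toList());
            result.setGroups(groups); // Camunda authorizations are then evaluated against these groups
            return result;
        }

        @Override
        public void augmentResponseByAuthenticationChallenge(HttpServletResponse response, ProcessEngine engine) {
            // Nothing to add: Spring Security has already redirected unauthenticated users to the IDP.
        }
    }
}
```

Two points worth checking in a setup like this: the provider reads only `SecurityContextHolder`, which Spring Security populates after validating the SAML response signature against the certificate in `metadata.xml`, so Camunda never has to interpret request headers or parameters itself; and the group list Camunda authorizes against comes straight from the IDP assertion, so the authorization rules you define in Camunda Admin are only as reliable as the group mapping configured at the IDP.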