Posted to user@ofbiz.apache.org by vipin nirwal <ni...@gmail.com> on 2020/03/23 10:14:20 UTC

Ofbiz integration with Azure AD SSO

Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know how I can achieve this.


Thank you in advance.

-- 
Thanks & Regards
Vipin Nirwal

Re: Ofbiz integration with Azure AD SSO

Posted by Michael Brohl <mi...@ecomify.de>.
Hi Vipin,

we have implemented an SSO integration via SAML2 with Azure for a portal 
solution and several subsystems based on OFBiz recently.

The solution mainly consists of

* a SAML API implementation using the OneLogin SAML API

* this was modified to make use of the internal OFBiz login service for 
the local OFBiz webapp login

* the integration happens using the OFBiz login extension mechanism 
(which we also have improved for dealing with logout) by an 
implementation of org.apache.ofbiz.webapp.control.LoginCheck to hook 
into LoginWorker.extensionCheckLogin for webapp specific external SAML2 
authentication

* the SAML SSO login can be configured/activated per webapp


You will still need an OFBiz user for the use of your application, if it 
is not to be used anonymously.


Hope that helps, best regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 23.03.20 at 11:14, vipin nirwal wrote:
> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>


Re: Ofbiz integration with Azure AD SSO

Posted by vipin nirwal <ni...@gmail.com>.
Thanks Jacques and Jason.
I will go through as recommended by both of you. Will share if I find some
other way.

Thanks,
Vipin

On Wed, Mar 25, 2020 at 4:22 PM Jason RJ <ja...@reast.net> wrote:

> It might also be worth taking a look at the Microsoft Azure AD Integration
> guide [1] for general guidance on integrating with a Java app.
>
> Sample code is included.
>
> Jason
>
> [1]
> https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/
>
> On 25/03/2020 10:28, Jacques Le Roux wrote:
> Hi Vipin,
>
> I don't know anything about Azure SSO and the documentation is sparse.
>
> It's based on a federation like SAML[2], but according to [1] it has not
> been tested with SAML.
> If it was you could have used Shibboleth[3]. You could try at your own
> risk (spend money for nothing), nothing is guaranteed. It seems only
> commercial products have been tested.
>
> So I have no ideas about it and that's all I can say.
>
> This said how do you call OFBiz? If you use simple URLs you could use a
> degraded mode where you send the parameters in the URL like:
>
> webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y
>
> Of course it's not recommended because it is unsafe (it can be intercepted by a Man
> in the Middle). But if you are in a safe network, why not?
>
> [1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
> [2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
> [3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)
>
> Jacques
>
> On 23/03/2020 at 11:14, vipin nirwal wrote:
> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO
> only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>
>

-- 
Thanks & Regards
Vipin Nirwal

Re: Ofbiz integration with Azure AD SSO

Posted by Jason RJ <ja...@reast.net>.
It might also be worth taking a look at the Microsoft Azure AD Integration guide [1] for general guidance on integrating with a Java app.

Sample code is included.

Jason

[1] https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/

On 25/03/2020 10:28, Jacques Le Roux wrote:
Hi Vipin,

I don't know anything about Azure SSO and the documentation is sparse.

It's based on a federation like SAML[2], but according to [1] it has not been tested with SAML.
If it was you could have used Shibboleth[3]. You could try at your own risk (spend money for nothing), nothing is guaranteed. It seems only commercial products have been tested.

So I have no ideas about it and that's all I can say.

This said how do you call OFBiz? If you use simple URLs you could use a degraded mode where you send the parameters in the URL like:

webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y

Of course it's not recommended because it is unsafe (it can be intercepted by a Man in the Middle). But if you are in a safe network, why not?

[1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
[2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)

Jacques

On 23/03/2020 at 11:14, vipin nirwal wrote:
Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know how I can achieve this.


Thank you in advance.


Re: Ofbiz integration with Azure AD SSO

Posted by Jacques Le Roux <ja...@les7arts.com>.
Hi Vipin,

I don't know anything about Azure SSO and the documentation is sparse.

It's based on a federation like SAML[2], but according to [1] it has not been tested with SAML.
If it was you could have used Shibboleth[3]. You could try at your own risk (spend money for nothing), nothing is guaranteed. It seems only commercial 
products have been tested.

So I have no ideas about it and that's all I can say.

This said how do you call OFBiz? If you use simple URLs you could use a degraded mode where you send the parameters in the URL like:

webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y

Of course it's not recommended because it is unsafe (it can be intercepted by a Man in the Middle). But if you are in a safe network, why not?

[1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
[2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)

Jacques

On 23/03/2020 at 11:14, vipin nirwal wrote:
> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>
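
Added example, not part of the original thread and not OFBiz code: the login URL form quoted in the message above carries the password in the query string, and query strings are written to web server and proxy access logs. This Python script scans access log lines for such requests and produces a redacted copy of each hit. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names from the URL quoted in the thread, compared case-insensitively.
SECRET_PARAMS = {"password"}
IDENTITY_PARAMS = {"username"}

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample input (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2020:10:30:01 +0000] "GET /webtools/control/login'
    '?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Mar/2020:10:30:05 +0000] "POST /webtools/control/login HTTP/1.1" 200 5120',
    '192.0.2.12 - - [25/Mar/2020:10:30:09 +0000] "GET /webtools/control/main?password= HTTP/1.1" 200 811',
]

def redact_target(target):
    """Return (target with secret values masked, names of non-empty credential params)."""
    parts = urlsplit(target)
    leaked, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if value and key in SECRET_PARAMS | IDENTITY_PARAMS:
            leaked.append(name)
        # The username is kept so responders know which account to rotate.
        cleaned.append((name, "REDACTED" if key in SECRET_PARAMS else value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked

def scan(lines):
    """Return one finding per log line whose URL carries a non-empty password."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        redacted, leaked = redact_target(target)
        if any(name.lower() in SECRET_PARAMS for name in leaked):
            findings.append({"line": lineno, "method": match.group("method"),
                             "params": leaked, "safe_line": line.replace(target, redacted)})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["line"], finding["params"], finding["safe_line"])
```

Any account that appears in a finding should have its password changed, since the value has already been stored wherever the log was written or shipped.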