ADF and enterprise SAML SSO connector for ACS

d_moeyersons
Customer

Hello,

I am wondering if there are known techniques to use ADF with the enterprise SAML SSO connector (https://docs.alfresco.com/saml/concepts/saml-overview.html), especially the authentication part. We are currently using Alfresco 5.2.3, with a lot of custom development, so using Alfresco Identity Service (Alfresco 6.1 is required) is currently not an option.

I currently have a working implementation, but it doesn't feel quite 'optimized' yet.
My current implementation basically navigates from Angular to the external Identity Provider and back to Angular, capturing the ticket on the way and logging into ADF with the ticket in the end. I can go into more detail if requested.
If a user opens the ADF app, it loads the app (takes a few seconds), navigates to the IdP (in some cases requiring user input, in other cases logging in immediately) and it loads the whole app again (taking a few seconds again), so the first login can take a while (and I know that users are not going to like that).

I tried other techniques:

  • Accessing it completely as a REST service (http://docs.alfresco.com/saml/concepts/develop-saml.html) is not an option, because one cannot capture user input in a REST service.
  • Iframing the IdP page & capturing the output isn't an option either, because there are CORS issues that I cannot solve, because part of the IdP (which would run inside the iframe) is external, and solving the CORS issues would mean that I would need to add headers to the page inside the iframe (which is not under our control).

Has someone else tried using the SAML SSO connector with ADF before?

Maybe interesting to know: We are using Keycloak as identity broker between Alfresco & our IdP, because the Alfresco SAML implementation wasn't compatible with the implementation of the IdP.

Best regards,

David.