Enable SAML ADFS Authentication

How can we enable SAML ADFS authentication in a Vahana application?

2 Likes

@naveen.gupta
There is a standard microservice which can enable SSO authentication in our Vahana project through configuration only. No custom development is needed for this. We have to follow the steps below to achieve it:

  1. First, ask the IdP client for the IdP metadata XML or Federation Metadata XML.
  2. Change the files below, which are part of our microservice:
    a. orgapp.json: the main aim of this file is to create the SSO token based on org id, app id and environment; using this file we also make a single server serve different environments (dev/sit/uat/prod). Let's change the parameters below as per your Vahana project:
      • orgId
      • appId
      • clientsecret (vconnect client secret)
      • vconnectUrl
      • dashboardUrl (this will be your application dashboard URL, where the user is redirected after successful authentication)
      • identifier (this will be a unique id for each configuration)
    b. properties file:
      • server.port=9028 (change it if this port is not available, else keep it as it is)
      • sp.host: the DNS name or ip:port of the context path ‘samlauth’, which must be exposed publicly on the internet with HTTPS enabled.
      • saml.idpEndpoint: (SingleSignOnService URL from the IdP XML)
      • saml.idpDomain: ADFS email id domain
  3. Deployment:
    a. Create a folder “samlauthentication” on your server, put samlauthentication.jar inside it, create a “resources” sub-folder and put the orgapp.json and application.properties files in it.
    b. Start the jar with the command:
       nohup java -jar samlauthentication.jar --spring.config.location=file:resources/application.properties > samlauthentication.log &
  4. Enable SSO authentication for your Vahana project: log in at https://developer.vahanacloud.com/ → select your organization → select application → go to the SSO module → enable SSO and sync.
  5. Create the GENERATE_SSO_TOKEN vconnect service in the same application. Go to the vconnect module → click on add service → click new service → write GENERATE_SSO_TOKEN in service name → select scope “without session” → go to API registration → select backend system as pass through → the API name will be GENERATE_SSO_TOKEN and the endpoint URL will be http://localhost:9013/authentication-service/generate/ssotoken. This endpoint works for sandbox only; the base URL will be different for UAT/prod servers (this URL is basically where our Vahana authentication microservice is deployed).
  6. Once all the above steps are done, share the URLs below with the client and ask them to add them in the ADFS server:
    a. Service provider Entity Id: https://{public_dns}/samlauth/login
    b. Service provider Assertion Consumer Service URL: https://{public_dns}/samlauth/callback
  7. Once the above URLs are configured in ADFS, open the URL below to see the ADFS login page:
    a. https://{public_dns}/samlauth/login?identifier={{identifier}} (here identifier is as per your orgapp.json configuration, to identify the Vahana org and app for further processing)
  8. When a user enters valid ADFS credentials, after successful authentication the user will be redirected to the application dashboard URL (provided in orgapp.json).

Note:

  • We can also use this microservice as a central service at Decimal level instead of client level.
5 Likes
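Added example (not part of the post above or of the samlauthentication microservice): a small Python helper that reads the IdP Federation Metadata XML from step 1, pulls out the SingleSignOnService URL needed for saml.idpEndpoint plus the IdP signing certificate, refuses non-HTTPS endpoints, and renders the application.properties keys named in step 2. The metadata document, host names and certificate value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample shaped like an ADFS FederationMetadata.xml; the
# entityID, host and certificate value are placeholders, not real data.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER_BASE64...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text, binding=HTTP_REDIRECT):
    """Return entityID, SingleSignOnService URL for `binding` and signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    locations = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                 if s.get("Binding") == binding]
    if not locations:
        raise ValueError("no SingleSignOnService for binding " + binding)
    # The IdP login endpoint must be HTTPS, just like sp.host in the post.
    if not locations[0].lower().startswith("https://"):
        raise ValueError("SingleSignOnService Location is not https")
    certs = [c.text.strip() for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate: SAML responses could not be verified")
    return {"entityId": root.get("entityID"), "idpEndpoint": locations[0],
            "signingCerts": certs}

def render_properties(meta, sp_host, idp_domain, port=9028):
    """Render the application.properties keys listed in step 2 of the post."""
    return "\n".join([f"server.port={port}", f"sp.host={sp_host}",
                      f"saml.idpEndpoint={meta['idpEndpoint']}",
                      f"saml.idpDomain={idp_domain}"])
```

Keep the extracted signing certificate alongside the properties: the SP must verify SAML responses against it, so an IdP metadata file without a signing KeyDescriptor should be rejected rather than deployed.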

Already implemented in IPMS IDFC bank

1 Like