How to setup SAML authentication


Last updated 2 years ago


SAML authentication involves two systems:

  • IdP - identity provider, the one that performs the authentication

  • SP - service provider, the one that asks for authentication

SAML authentication starts on the SP side, with a web page that requires the SSO check.

The communication between IdP and SP is performed by exchanging data in encrypted XML; the encryption is based on certificates installed on both sides of the system.

In order to correctly set up the environment on the Platform side, a few global parameters in Platform must be configured in the SAML group:

  1. The IdP should provide the SAML metadata, i.e. an XML file containing all settings regarding the IdP, including its certificate (in Base64 format), entity id, sign-in URL and encryption settings; these must be set in the following parameters:

     • Assertion signed - checkbox to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Authentication request signed - checkbox to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Assertion encrypted - checkbox to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Identity Service Provider Entity ID - to set according to the agreement defined with the Identity Provider (SAML server provider); e.g. https://samltest.id/saml/idp

     • Identity Service Provider Signin URL - to set according to the agreement defined with the Identity Provider (SAML server provider); e.g. https://samltest.id/idp/profile/SAML2/Redirect/SSO

     • Identity Service Provider Certificate - to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Identity Service Provider Signature algorithm - to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Enable SAML authentication - checkbox used to enable SAML authentication; if it is not selected, neither the SAML metadata web service nor the SAML authentication will work

  2. Optionally, additional parameters related to the IdP can be filled in:

     • Identity Service Provider Digest - to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Identity Service Provider Fingerprint - to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Identity Service Provider Signout URL - to set according to the agreement defined with the Identity Provider (SAML server provider); e.g. https://samltest.id/idp/profile/SAML2/POST/SLO

     • Identity Service Provider support for deprecated algorithms - to set according to the agreement defined with the Identity Provider (SAML server provider)

     • Identity Service Provider Fingerprint algorithm - to set according to the agreement defined with the Identity Provider (SAML server provider)

  3. A certificate can also be defined on the SP side, if required by the agreements shared with the IdP; in such a case, the following parameters must be filled in:

     • Service Provider URL - a unique identifier for the Platform server (e.g. https://myhost/platformwebcontext/)

     • Service Provider X509 Certificate - mandatory; the X509 certificate for Platform, expressed in Base64; it will be included in the XML metadata generated by the Platform metadata web service

     • Service Provider Private Key - mandatory; the private key related to the X509 certificate for Platform

  4. Additional parameters that can be defined for the SP are:

     • Service Provider language - e.g. IT

     • Service Provider Name - e.g. Sinesy

     • Service Provider display name - e.g. Sinesy

     • Service Provider support name - optional

     • Service Provider support email - optional

     • Service Provider technician name - optional

     • Service Provider technician email - optional

  5. Once that is done, it is possible to generate the SAML metadata to pass to the IdP, containing all settings related to the SP, so that they can be correctly configured on the IdP side; after that, the two systems are ready to communicate with each other. The SAML metadata can be generated using a Platform web service:

     https://myhost/platformwebcontext/saml/metadata?appId=DESIGNER

     The user must be logged on the App Designer; the XML content provided by this web service (SAML metadata) can also be read by the IdP if needed, so that it can update the SP certificate over time automatically. In order to get the content of this protected web service, credentials must be provided. This can be done either:

     • using any user having role 1

     • using a special user named SAML_METADATA (to create within the App Designer)

  6. The SSO check is carried out by the end user through the following URL:

     https://myhost/platformwebcontext/4ws/saml/index.jsp?appId=MYAPPID

  7. In any case, a server-side JS action must be configured in order to receive the callback invoked by the IdP after a correct authentication (ACP event). This action must be configured through the following global parameter in the SAML group:

     List of appId,actionId for authentication management - list of couples applicationId,actionId, where each couple is separated by a semicolon; the server-side JS action is invoked each time the SAML authentication is valid and the ACP Platform web service has been invoked; the action can read the request body (vo) and the request headers (reqHeaders) and use them to retrieve the real Platform user to log on.

     The returned JSON must have the following format:

     {
       success: true,
       companyId: "...",
       siteId: ...,
       username: "...",
       password: "...",
       languageId: "..."
     }

     In case the user is not recognized, a JSON having this format should be returned:

     {
       success: false,
       message: "..."
     }