Providing User Data in SAML AuthnResponse Packets

SAML communication occurs via request and response packets between an identity provider and a service provider. This article addresses how to provide user data within the response packets. The configuration will be done through portal-ext.properties.

Affected Products

Liferay Connector to SAML 2.0 for Liferay Portal 6.1 EE GA2/GA3 and 6.2 EE.

Resolution

1. Set up two Liferay portals where one is the IdP and the other is the SP.

The IdP is running at http://alpha.test.com:8080 with entityId liferaysamlidpdemo and the SP is running at http://www.able.com:9080 with entityId liferaysamlspdemo.

2. Configure the IdP (in portal-ext.properties).

saml.enabled=true
saml.role=idp
saml.entity.id=liferaysamlidpdemo
saml.require.ssl=false
saml.sign.metadata=true

saml.idp.authn.request.signature.required=true

saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.type=jks

saml.keystore.credential.password[liferaysamlidpdemo]=liferay

saml.metadata.paths=http://www.able.com:9080/c/portal/saml/metadata

saml.idp.metadata.attributes.enabled[liferaysamlspdemo]=true
saml.idp.metadata.attribute.names[liferaysamlspdemo]=emailAddress,screenName,firstName,lastName,expando:myCustomAttribute

3. Configure the SP (in portal-ext.properties). Notice that the value of the myCustomAttribute expando attribute is mapped to lastName for the user.

saml.enabled=true
saml.role=sp
saml.entity.id=liferaysamlspdemo
saml.require.ssl=false
saml.sign.metadata=true

saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.type=jks

saml.keystore.credential.password[liferaysamlspdemo]=liferay

saml.metadata.paths=http://alpha.test.com:8080/c/portal/saml/metadata
saml.sp.default.idp.entity.id=liferaysamlidpdemo

saml.sp.user.attribute.mappings=screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nmyCustomAttribute=lastName
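How the SP side applies the mapping above to the attributes carried in an AuthnResponse, as an added Python example that is not part of this article or of the Liferay connector. It uses a constructed assertion from liferaysamlidpdemo and assumes the attribute travels on the wire as myCustomAttribute (the expando: prefix being IdP-side configuration only).

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Value exactly as written in the SP's portal-ext.properties; the Java
# properties loader turns the literal "\n" escapes into real newlines.
SP_MAPPINGS = r"screenName=screenName\nemailAddress=emailAddress\nfirstName=firstName\nmyCustomAttribute=lastName"

# Constructed AttributeStatement as liferaysamlidpdemo would release it for the
# five names configured on the IdP. Assumption (implied by the SP mapping):
# the "expando:" prefix is configuration-only and the wire Name is myCustomAttribute.
ASSERTION = f"""<saml2:Assertion xmlns:saml2="{SAML2}" Version="2.0" ID="_constructed">
  <saml2:Issuer>liferaysamlidpdemo</saml2:Issuer>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="emailAddress"><saml2:AttributeValue>jdoe@able.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="screenName"><saml2:AttributeValue>jdoe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="firstName"><saml2:AttributeValue>Jane</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="lastName"><saml2:AttributeValue>Doe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="myCustomAttribute"><saml2:AttributeValue>Custom-Surname</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def parse_mappings(prop_value: str) -> dict:
    """Turn newline-separated 'samlAttribute=userField' pairs into a dict."""
    mappings = {}
    for line in prop_value.replace("\\n", "\n").splitlines():
        if "=" in line:
            saml_attr, user_field = line.split("=", 1)
            mappings[saml_attr.strip()] = user_field.strip()
    return mappings

def attributes_from_assertion(xml_text: str) -> dict:
    """Collect {Name: [values]} from every saml2:Attribute in the assertion.
    Signature validation of the response is assumed to have happened already."""
    root = ET.fromstring(xml_text)
    return {
        attr.get("Name"): [v.text or "" for v in attr.findall(f"{{{SAML2}}}AttributeValue")]
        for attr in root.iter(f"{{{SAML2}}}Attribute")
    }

def map_user_fields(attrs: dict, mappings: dict) -> dict:
    """Apply the SP mapping: only mapped attributes populate user fields, so the
    IdP's own lastName is ignored and myCustomAttribute becomes lastName."""
    return {field: attrs[name][0] for name, field in mappings.items() if attrs.get(name)}

def resolve_user() -> dict:
    """Resolve the Liferay user fields for the constructed assertion."""
    return map_user_fields(attributes_from_assertion(ASSERTION), parse_mappings(SP_MAPPINGS))
```

Calling resolve_user() shows that the assertion's own lastName value ("Doe") never reaches the user record; the mapped myCustomAttribute value does.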