Ofbiz integration with Azure AD SSO


vipin nirwal
Hi All,

I have to integrate ofbiz with Azure Active Directory SSO.

Requirement: I have a portal for users which is integrated with Azure SSO.
When a call is being made to ofbiz from my portal, then I do not want to
pass ofbiz username/password in that call, even I want to use the SSO only. Is
there a tighter integration that ofbiz can have with an SSO so that a user
may get authenticated directly without using an ofbiz user?

Please let me know how I can achieve this.


Thank you in advance.

--
Thanks & Regards
Vipin Nirwal

Re: Ofbiz integration with Azure AD SSO

Jacques Le Roux
Administrator
Hi Vipin,

I don't know anything about Azure SSO and the documentation is sparse.

It's based on a federation like SAML[2], but according to [1] it has not been tested with SAML.
If it was you could have used Shibboleth[3]. You could try at your own risk (spend money for nothing), nothing is guaranteed. It seems only commercial
products have been tested.

So I have no ideas about it and that's all I can say.

This said how do you call OFBiz? If you use simple URLs you could use a degraded mode where you send the parameters in the URL like:

webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y

Of course it's not recommended because it is unsafe (it can be intercepted by a Man in the Middle). But if you are in a safe network, why not?

[1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
[2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
[3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)

Jacques

On 23/03/2020 at 11:14, vipin nirwal wrote:

> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>
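
The login URL in the reply above carries the credentials in the query string, so apart from interception in transit they are also recorded wherever URLs are stored, such as web-server access logs and the Referer header of later requests. The following is an added example, not part of the original post or of OFBiz: it scans access-log lines for that pattern and produces redacted copies. The log lines, the host `portal.example` and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names taken from the login URL quoted in the reply above.
SENSITIVE = {"username", "password"}

# Constructed access-log lines (combined log format); hosts are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Mar/2020:10:30:01 +0000] "GET /webtools/control/login'
    '?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y HTTP/1.1" 200 5120 "-" "curl/7.68.0"',
    '10.0.0.7 - - [25/Mar/2020:10:31:12 +0000] "GET /webtools/control/main HTTP/1.1" 200 9034 '
    '"https://portal.example/webtools/control/login?USERNAME=admin&PASSWORD=ofbiz" "Mozilla/5.0"',
    '10.0.0.9 - - [25/Mar/2020:10:32:40 +0000] "POST /webtools/control/login HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
]

# Request target and Referer are the two fields where a URL gets recorded.
LINE_RE = re.compile(
    r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')


def redact_url(url):
    """Return (url with sensitive values masked, names of the masked parameters)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    exposed = [name for name, _ in pairs if name.lower() in SENSITIVE]
    if not exposed:
        return url, []
    masked = [(n, "REDACTED" if n.lower() in SENSITIVE else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked))), exposed


def scan(lines):
    """Return (findings, redacted copies of the lines that are safe to retain)."""
    findings, redacted = [], []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.search(line)
        for field in ("target", "referer") if match else ():
            safe_url, exposed = redact_url(match.group(field))
            if exposed:
                findings.append({"line": number, "field": field, "params": exposed})
                line = line.replace(match.group(field), safe_url)
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG)[0]:
        print(finding)
```

The third sample line is a form POST to the same login path: its credentials travel in the request body, so nothing is flagged and the line is returned unchanged.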

Re: Ofbiz integration with Azure AD SSO

Jason RJ
It might also be worth taking a look at the Microsoft Azure AD Integration guide [1] for general guidance on integrating with a Java app.

Sample code is included.

Jason

[1] https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/

On 25/03/2020 10:28, Jacques Le Roux wrote:
> Hi Vipin,
>
> I don't know anything about Azure SSO and the documentation is sparse.
>
> It's based on a federation like SAML[2], but according to [1] it has not been tested with SAML.
> If it was you could have used Shibboleth[3]. You could try at your own risk (spend money for nothing), nothing is guaranteed. It seems only commercial products have been tested.
>
> So I have no ideas about it and that's all I can say.
>
> This said how do you call OFBiz? If you use simple URLs you could use a degraded mode where you send the parameters in the URL like:
>
> webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y
>
> Of course it's not recommended because it is unsafe (it can be intercepted by a Man in the Middle). But if you are in a safe network, why not?
>
> [1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
> [2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
> [3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)
>
> Jacques
>
> On 23/03/2020 at 11:14, vipin nirwal wrote:
> > Hi All,
> >
> > I have to integrate ofbiz with Azure Active Directory SSO.
> >
> > Requirement: I have a portal for users which is integrated with Azure SSO.
> > When a call is being made to ofbiz from my portal, then I do not want to
> > pass ofbiz username/password in that call, even I want to use the SSO only. Is
> > there a tighter integration that ofbiz can have with an SSO so that a user
> > may get authenticated directly without using an ofbiz user?
> >
> > Please let me know how I can achieve this.
> >
> >
> > Thank you in advance.


Re: Ofbiz integration with Azure AD SSO

vipin nirwal
Thanks Jacques and Jason.
I will go through as recommended by both of you. Will share if I find some
other way.

Thanks,
Vipin

On Wed, Mar 25, 2020 at 4:22 PM Jason RJ <[hidden email]> wrote:

> It might also be worth taking a look at the Microsoft Azure AD Integration
> guide [1] for general guidance on integrating with a Java app.
>
> Sample code is included.
>
> Jason
>
> [1]
> https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-java-webapp-openidconnect/integrating-azure-ad-into-a-java-web-application/
>
> On 25/03/2020 10:28, Jacques Le Roux wrote:
> Hi Vipin,
>
> I don't know anything about Azure SSO and the documentation is sparse.
>
> It's based on a federation like SAML[2], but according to [1] it has not
> been tested with SAML.
> If it was you could have used Shibboleth[3]. You could try at your own
> risk (spend money for nothing), nothing is guaranteed. It seems only
> commercial products have been tested.
>
> So I have no ideas about it and that's all I can say.
>
> This said how do you call OFBiz? If you use simple URLs you could use a
> degraded mode where you send the parameters in the URL like:
>
> webtools/control/login?USERNAME=admin&PASSWORD=ofbiz&JavaScriptEnabled=Y
>
> Of course it's not recommended because it is unsafe (it can be intercepted by a Man
> in the Middle). But if you are in a safe network, why not?
>
> [1] https://www.microsoft.com/en-us/download/details.aspx?id=56843
> [2] https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
> [3] https://en.wikipedia.org/wiki/Shibboleth_(Shibboleth_Consortium)
>
> Jacques
>
> On 23/03/2020 at 11:14, vipin nirwal wrote:
> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>
>

--
Thanks & Regards
Vipin Nirwal

Re: Ofbiz integration with Azure AD SSO

Michael Brohl-3
In reply to this post by vipin nirwal
Hi Vipin,

we have implemented an SSO integration via SAML2 with Azure for a portal
solution and several subsystems based on OFBiz recently.

The solution mainly consists of

* a SAML API implementation using the OneLogin SAML API

* this was modified to make use of the internal OFBiz login service for
the local OFBiz webapp login

* the integration happens using the OFBiz login extension mechanism
(which we also have improved for dealing with logout) by an
implementation of org.apache.ofbiz.webapp.control.LoginCheck to hook
into LoginWorker.extensionCheckLogin for webapp specific external SAML2
authentication

* the SAML SSO login can be configured/activated per webapp


You will still need an OFBiz user for the use of your application, if it
is not to be used anonymously.


Hope that helps, best regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


On 23.03.20 at 11:14, vipin nirwal wrote:

> Hi All,
>
> I have to integrate ofbiz with Azure Active Directory SSO.
>
> Requirement: I have a portal for users which is integrated with Azure SSO.
> When a call is being made to ofbiz from my portal, then I do not want to
> pass ofbiz username/password in that call, even I want to use the SSO only. Is
> there a tighter integration that ofbiz can have with an SSO so that a user
> may get authenticated directly without using an ofbiz user?
>
> Please let me know how I can achieve this.
>
>
> Thank you in advance.
>

