This is an example of an External Auth module to be plugged into a Shibboleth Identity Provider.
It is a simple External Auth that does 2 things:
GET
: Redirect the User to a custom JSP webpage with a form for a usernamePOST
: Takes the username from the form and creates a Java Subject, setting the username as the Username Principal.
NOTE: Your custom webpage will need to match the file name that is in the GET
method. Your form will also need
to submit the correct parameter in the POST
as well (userName
in this instance).
I recommend IntelliJ for this.
- Build Project
- File > Project Structure > Project Settings > Artifacts
- Hit the + > JAR > From project with dependencies > OK
(Next part is a bit tricky and something I don't know how to do yet via code/commands)
- Move your jar into a folder and run
jar xf <JAR NAME>.jar
- Remove all files except for
external/ExternalAuth.class
and theMETA-INF/MANIFEST.MF
. There is an example jar directoryexample-jar-directory
. Instead of removing files you can also just add the necessary ones into a new folder. - Jar it back up with a name
jar cvf <JAR NAME>.jar -C <FOLDER-NAME>/ .
Make sure authn/External
bean is enabled in general-authn.xml
and that the external-authn-config.xml
is present.
Make sure your JSP webpage is in webapp/
directory.
In web.xml
, add the following servlet:
<!-- Servlet for receiving a callback from an external Server and continues the IdP login flow -->
<servlet>
<servlet-name>ExternalAuth</servlet-name>
<servlet-class>external.ExternalAuth</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ExternalAuth</servlet-name>
<url-pattern>/Authn/External/*</url-pattern>
</servlet-mapping>
Route some auth flows through the External Module