mxu1386

passing user credential between authentication classes

I am trying to write a customized step up authentication class (using the NAM SDK), the idea is to authenticate user with an ID/Password class, and then configure the contract to have a second method to validate other properties of the user. I can write the class using the NAM SDK guide, the problem is that I don't know how to get the user's credential in this second class, i.e. what is the user's ID, cannot get it from login form as it's consumed by the first authentication class. I need this ID to connect to DB and do further validation. Any suggestion is appreciated.

Thanks
Mark

Re: passing user credential between authentication classes

On 19-06-2018 3:34 AM, mxu1386 wrote:
>
> I am trying to write a customized step up authentication class (using
> the NAM SDK), the idea is to authenticate user with an ID/Password class,
> and then configure the contract to have a second method to validate
> other properties of the user. I can write the class using the NAM SDK
> guide, the problem is that I don't know how to get the user's credential
> in this second class, i.e. what is the user's ID, cannot get it from
> login form as it's consumed by the first authentication class. I need
> this ID to connect to DB and do further validation. Any suggestion is
> appreciated.
>
> Thanks
> Mark
>
>


getPrincipal()?



--
Cheers,
Edward
mxu1386

Re: passing user credential between authentication classes

Thanks Ed,
That works!! Now a new challenge, we also have a contract that does federated authentication by an external IDP, we also want to add this new authentication method as a step up to the federated contract. I added this method to the federation contract, when I tested, I was able to authenticate with the external IDP, but when my code was called, the getPrincipal() method returned null.
So in this situation, when user was authenticated by external IDP and federated with our IDP with SAML, how can I get the user's credential in my customized code?

Thanks
Mark

Re: passing user credential between authentication classes

On 22-06-2018 2:44 AM, mxu1386 wrote:
>
> Thanks Ed,
> That works!! Now a new challenge, we also have a contract that does
> federated authentication by an external IDP, we also want to add this
> new authentication method as a step up to the federated contract. I
> added this method to the federation contract, when I tested, I was able
> to authenticate with the external IDP, but when my code was called, the
> getPrincipal() method returned null.
> So in this situation, when user was authenticated by external IDP and
> federated with our IDP with SAML, how can I get the user's credential in
> my customized code?


Hmm...that's a good one. I guess a federated principal works a little differently. I'll see if I can do some digging on that.


--
Cheers,
Edward

Re: passing user credential between authentication classes

On 22-06-2018 2:44 AM, mxu1386 wrote:
>
> Thanks Ed,
> That works!! Now a new challenge, we also have a contract that does
> federated authentication by an external IDP, we also want to add this
> new authentication method as a step up to the federated contract. I
> added this method to the federation contract, when I tested, I was able
> to authenticate with the external IDP, but when my code was called, the
> getPrincipal() method returned null.
> So in this situation, when user was authenticated by external IDP and
> federated with our IDP with SAML, how can I get the user's credential in
> my customized code?
>
> Thanks
> Mark
>
>

Sorry for the delay on this one, but I built a small lab for this and wrote a very basic class, and getPrincipal works for me using this code:

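    // Look for a principal passed in through the class properties
    NIDPPrincipal localNIDPPrincipal = (NIDPPrincipal) this.m_Properties.get("Principal");
    if (localNIDPPrincipal == null) {
        // Fall back to the principal on the session subject if the session is already authenticated
        if (this.m_Session.isAuthenticated() && this.m_Session.getSubject().getPrincipal() != null) {
            localNIDPPrincipal = this.m_Session.getSubject().getPrincipal();
        } else {
            // No principal available: show the JSP
            return SHOW_JSP;
        }
    }

    setPrincipal(localNIDPPrincipal);
    // Debug output only: prints the GUID of the resolved principal
    System.out.println("Ed debug - getGUID: " + localNIDPPrincipal.getGuid());
    return AUTHENTICATED;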

When I add this to the stepup auth in the SAML IDP I configured and I tail my log and grep for 'Ed debug', it spits out the GUID of the user (not 100% sure where it gets this from as it's not present in the SAML response).



--
Cheers,
Edward