Tin Ng

Reputation: 1047

pac4j /callback endpoint anonymous?

I started to integrate SAML with ADFS.

I've followed the demo at https://github.com/pac4j/play-pac4j-scala-demo

I've removed all other clients except SAML2Client from both the application.conf and the SecurityModule, so the final application.conf looked like this

pac4j.security {
  rules = [
    {".*" = {
      authorizers = "_authenticated_"
    }}
  ]
}

So when I tried to access http://localhost:9000/ it prompted me for username & password as the SecurityFilter kicked in... after that the /callback endpoint was invoked; however, this is not yet authenticated, so it needed to request authentication with ADFS again, and then it kept going on ...

And to fix the issue I have to add

{"/callback.*" = {
  authorizers = "_anonymous_"
}}

Have I done the right thing? If not, what have I missed?

On another note, do we need the following code if it's only single profile?

val callbackController = new CallbackController()
callbackController.setDefaultUrl("/?defaulturlafterlogout")
callbackController.setMultiProfile(true)
bind(classOf[CallbackController]).toInstance(callbackController)

I removed it and it seemed to have no impact.

Please help answering the questions as I am quite new to this.

Thanks & regards Tinman

Upvotes: 0

Views: 326
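As an added illustration (not code from the original post or from the pac4j project), here is how the two rules from the question fit together in a single application.conf. It assumes play-pac4j's documented behaviour that rules are evaluated in order and the first matching rule wins, so the callback exemption must come before the catch-all; the `clients = "SAML2Client"` setting is an assumption based on the question's statement that SAML2Client is the only remaining client.

```hocon
pac4j.security {
  rules = [
    # Constructed example: the callback endpoint must be reachable without a
    # session, because this is where ADFS posts the SAML response back to the
    # application. Only the path is exempted; the SAML response itself is still
    # validated by the callback logic before any profile is created.
    {"/callback.*" = {
      authorizers = "_anonymous_"
    }}

    # Every other path requires an authenticated profile. Listing the rule
    # after the callback exemption matters: a catch-all placed first would
    # match /callback too and send the unauthenticated response to ADFS again,
    # which is the redirect loop described in the question.
    {".*" = {
      clients = "SAML2Client"   # assumption: the only client left configured
      authorizers = "_authenticated_"
    }}
  ]
}
```

When checking a configuration like this, confirm that the anonymous rule is scoped to the callback path only (a pattern such as `"/call.*"` would also expose any other route starting that way) and that no broader anonymous rule precedes the authenticated catch-all.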

Answers (1)

Tin Ng

Reputation: 1047

I got in touch with the author of the framework. And he agreed that /callback has to be anonymous. I think they should have made it clear in the documentation.

Upvotes: 0
