Re: [Unity-idm-discuss] configure authentication with singleAuthn from saml federation

[Sander A. <sa....@fz...>]

Good morning Roman,
thanks for your answer. We will try in the next days and come back if
we have problems.

Best regards,
Sander

On Tue, 2023-08-08 at 16:50 +0200, Roman Krysiński wrote:
> Hi Sander,
> 
> Sorry to be long in my reply, the answer to your question is YES, it
> is possible.
> The easiest way to see the desired configuration file content, is to
> create a database dump with the "System configuration" part (Console
> -> Maintenance -> Backup & Restore) and search for the configuration
> of the endpoint from the screenshot. I've made similar configuration
> for console and here is the relevant json part for this endpoint:
> 
>     {
>       "_updateTS" : 1691505258138,
>       "obj" : {
>         "name" : "Console",
>         "typeId" : "WebConsoleUI",
>         "contextAddress" : "/console",
>         "configuration" : {
>           "displayedName" : {
>             "Map" : {
>               "pl" : "Interfejs administracyjny Unity"
>             },
>             "DefaultValue" : "UNITY console administration interface"
>           },
>           "description" : "",
>           "authenticationOptions" : [ "pwdSys", "pwdComposite",
> "certFlow1", "smsAndPass", "cert", "ldap", "ldapDN", "saml", "oauth",
> "fido" ],
>           "configuration" : "#\n#Tue Aug 08 16:34:18 CEST
> 2023\nunity.endpoint.web.authnScreenShowSearch=false\nunity.endpoint.
> web.authnScreenColumn.1.columnContents=saml._entryFromMetadata_2bd764
> 8301d749818fa038b51bf7f235+1. pwdSys _SEPARATOR fido _SEPARATOR cert
> _SEPARATOR pwdComposite _SEPARATOR _SEPARATOR ldap _SEPARATOR
> _REGISTER\nunity.endpoint.web.authnScreenTitle=title of
> page\nunity.endpoint.web.authnScreenColumn.1.columnTitle.en=Local
> authentication\nunity.endpoint.web.externalRegistrationURL=https\\://
> www.wp.pl\nunity.endpoint.web.productionMode=false\nunity.endpoint.we
> b.authnScreenColumn.2.columnTitle.pl=Zdalne
> logowanie\nunity.endpoint.web.authnScreenTitle.en=title of
> page\nunity.endpoint.web.authnScreenOptionsLabel.1.text.en=separator\
> nunity.endpoint.web.showRegistrationFormsInHeader=false\nunity.endpoi
> nt.web.authnScreenShowAllOptions=false\nunity.endpoint.web.authnLastO
> ptionOnlyLayout=_LAST_USED _SEPARATOR_1
> _EXPAND\nunity.endpoint.web.authnShowLastOptionOnly=false\nunity.endp
> oint.web.authnGrid.1.gridContents=saml\nunity.endpoint.web.authnScree
> nLogo=https\\://m.media-amazon.com/images/I/91-
> Db4L6xjL.png\nunity.endpoint.web.authnScreenOptionsLabel.1.text=separ
> ator\nunity.endpoint.web.authnScreenColumn.1.columnTitle.pl=Lokalne
> metody\nunity.endpoint.web.authnGrid.1.gridRows=50\nunity.endpoint.we
> b.compactCredentialReset=true\nunity.endpoint.web.authnScreenColumn.2
> .columnWidth=21\nunity.endpoint.web.authnScreenColumn.1.columnWidth=2
> 1\nunity.endpoint.web.enableRegistration=false\nunity.endpoint.web.au
> thnTheme=unityThemeValo\nunity.endpoint.web.authnScreenColumn.2.colum
> nContents=_GRID_1
> oauth\nunity.endpoint.web.authnScreenColumn.2.columnTitle=\\
> \nunity.endpoint.web.authnScreenColumn.1.columnTitle=Local
> authentication\nunity.endpoint.web.mainTheme=unityThemeValo\nunity.en
> dpoint.web.authnScreenShowCancel=false\nunity.endpoint.web.template=d
> efault.ftl\nunity.endpoint.web.autoLogin=false\n",
>           "realm" : "admin",
>           "tag" : "yFWk6n2n7mcMeks+eH/YkqEg/WaqCg25HaLHE6/Xs84="
>         },
>         "revision" : 20,
>         "status" : "DEPLOYED"
>       }
>     }
> 
> When you refactor the "configuration.configuration" json part,
> meaning replace "\n" to a new line we will get the information about
> columnContents to put into your file:
> 
> unity.endpoint.web.authnScreenColumn.1.columnContents=saml._entryFrom
> Metadata_2bd7648301d749818fa038b51bf7f235+1. pwdSys _SEPARATOR fido
> _SEPARATOR cert _SEPARATOR pwdComposite _SEPARATOR _SEPARATOR ldap
> _SEPARATOR _REGISTER
> 
> Please let me know if that answers your question.
> 
> Cheers,
> Roman
> 
> pon., 31 lip 2023 o 14:35 Sander Apweiler <sa....@fz...>
> napisał(a):
> > Hi Krzysztof, hi Roman,
> > using the UI, I can configure the Authentitcation for the endpoints
> > having singleAuthN with IdPs from federation metadata. I attached a
> > screenshot with a test. Can I somehow do this with via
> > configuration
> > files as well?
> > 
> > Best regards,
> > Sander
> > 

-- 
Large-Scale Data Science
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Stefan Müller
Geschaeftsfuehrung: Prof. Dr. Astrid Lambrecht (Vorsitzende),
Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens
-----------------------------------------------------------------------
-----------------------------------------------------------------------