SSO autologin integration with BrXM CMS

Hi all,

I’m looking for ways to integrate an OpenID based SSO solution properly in the CMS. Now, everything almost runs smoothly, by creating a custom DelegateSecurityProvider linking up with the SSO endpoints to actually obtain a token on (manual) login.

However, for 1) subsequent visits or 2) initial visits to the CMS (having a valid token), I’m building an SSO Servlet Filter to decode/verify my token and, if it is valid, perform an automatic login in the CMS with a given user.

I only see functionality to perform logins when there’s an actual Wicket Session / Wicket context set up etc. However, in my filter (which has to kick in before the Wicket CMS application is firing up) I don’t have a Wicket Session / Wicket context.

Is there a way to actually programmatically perform the login and/or provision credentials to the Wicket Session / Wicket context which is set up after? Or should my filter set all the JEE Principals manually according to what BrXM is expecting. Any pointers?

Thanks,
Brian

Hey Brian,

Check out this code sample: https://github.com/bcanvural/brxm-okta-saml/blob/master/cms/src/main/java/com/github/bcanvural/security/LoginSuccessFilter.java . On successful login you can set a specific attribute on the htttpsession which will be taken into account by cms.

Hello @briansnijders

Following up on the above comment—could you please let us know if you’ve had a chance to review it? Feel free to reach out if you need any clarification or have further questions; we’re happy to assist.

Best Regards,
Bloomreach