isosrl
Posted July 26, 2018

Has anyone played with SAML 2.0 single sign-on with uniGUI? If yes, is there any example to follow? Thanks.

isosrl (Author)
Posted January 11, 2019

Hi, no solution for SAML 2.0, but in my case the client also has OAuth2 authentication... So I made half of a real good solution...

In the LoginForm the user clicks a button that redirects to the sign-on.

Note: XXX is the name of the client.

```delphi
procedure TUniLoginForm1.btNextXXXClick(Sender: TObject);
var
  _XXXurl, _state: string;
begin
  // redirect to the sign-on page
  _XXXurl := 'https://login-dev.XXX.com/adfs/oauth2/authorize?response_type=code' +
             '&resource=XXXClientPortal' +
             '&client_id=a123-b456-c789' +
             '&redirect_uri=http://dev.test.it:8077/?callback=XXX';
  // add an encrypted string in the state parameter; it is returned back unmodified
  _state := '&state=' + XEncrypt(edCodCliente.Text + '|' + edCodUtente.Text + '|' +
            DateTimeToStr(NOW) + '|' + UniSession.SessionId);
  _XXXurl := _XXXurl + _state;
  UniSession.UrlRedirect(_XXXurl);
end;
```

In MainModule:

```delphi
// needs DateUtils (MinutesBetween) and StrUtils (ReplaceText) in the uses clause
procedure TUniMainModule.UniGUIMainModuleBeforeLogin(Sender: TObject; var Handled: Boolean);
var
  _callback, _state: string;
  _CodUtente, _DataOra, _SessionID: string;
begin
  if (not _FlStatoAutoLogin) then
  begin
    // check if we arrived from the callback
    _callback := UniSession.UniApplication.Parameters.Values['callback'];
    _state := UniSession.UniApplication.Parameters.Values['state'];
    if (_callback = 'XXX') and (_state <> '') then
    begin
      // state layout: client code | user code | date/time | session ID
      _state := XDecrypt(_state);
      _CodClient := GetStrPosiz(_state, '|', 1);
      _CodUtenteXXX := GetStrPosiz(_state, '|', 2);
      _DataOra := GetStrPosiz(_state, '|', 3);
      _SessionID := GetStrPosiz(_state, '|', 4);
      // accept only a state issued within the last 5 minutes for a session that still exists
      if (MinutesBetween(StrToDateTime(_DataOra), NOW) <= 5) and ChkExistSessionID(_SessionID) then
      begin
        _FlStatoAutoLogin := True;
        Handled := True;
      end;
    end;
  end;
end;

function TUniMainModule.ChkExistSessionID(SessionID: string): boolean;
var
  _path: string;
begin
  // look in the cache files for a session with the specific ID
  _path := UniServerModule.CacheFolderPath + 'cache\' +
           ReplaceText(ExtractFileName(Application.ExeName), '.exe', '_exe') + '\' +
           SessionID;
  Result := (DirectoryExists(_path));
end;
```

To exit and get the loginform again, in Main.pas:

```delphi
procedure TMainForm.UniFormClose(Sender: TObject; var Action: TCloseAction);
begin
  // after an automatic login, closing the main form reloads the application URL
  if UniMainModule._FlStatoAutoLogin then
  begin
    UniSession.UrlRedirect('?');
    Action := caNone;
  end;
end;
```

The above is just to authorize access to my uniGUI webapp...
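
The state round trip described in the post above, as an added example that is not the poster's code: it swaps the unknown `XEncrypt`/`XDecrypt` helpers for an HMAC-SHA256 tag from `System.Hash`, keeps the 5-minute window, and validates the session ID before it would be used in a cache path. `STATE_KEY`, the function names and the sample values are assumptions made for the illustration.

```delphi
program StateCheckDemo; // added example; every name here is hypothetical
{$APPTYPE CONSOLE}
uses System.SysUtils, System.DateUtils, System.Hash;
const
  STATE_KEY = 'constructed-demo-key'; // assumption: the real key comes from server config
  MAX_AGE_SEC = 5 * 60;               // same 5-minute window as the post
// The session ID ends up in a folder path, so accept only [A-Za-z0-9_].
function IsSafeSessionID(const S: string): Boolean;
var C: Char;
begin
  Result := (S <> '') and (Length(S) <= 64);
  for C in S do
    if not CharInSet(C, ['A'..'Z', 'a'..'z', '0'..'9', '_']) then Exit(False);
end;
// Compare MAC strings without stopping at the first differing character.
function SameMac(const A, B: string): Boolean;
var I, Diff: Integer;
begin
  if Length(A) <> Length(B) then Exit(False);
  Diff := 0;
  for I := 1 to Length(A) do Diff := Diff or (Ord(A[I]) xor Ord(B[I]));
  Result := Diff = 0;
end;
// Fields must not contain '|'. Unix seconds avoid locale-dependent date parsing.
function MakeState(const Client, User, SessionID: string; IssuedAt: Int64): string;
begin
  Result := Client + '|' + User + '|' + IntToStr(IssuedAt) + '|' + SessionID;
  Result := Result + '|' + THashSHA2.GetHMAC(Result, STATE_KEY);
end;
// True only for an untampered, fresh state; SessionID is then safe to look up.
function CheckState(const State: string; NowUnix: Int64; out SessionID: string): Boolean;
var P: TArray<string>; Body: string; Issued: Int64;
begin
  P := State.Split(['|']);
  if Length(P) <> 5 then Exit(False);
  Body := P[0] + '|' + P[1] + '|' + P[2] + '|' + P[3];
  if not SameMac(THashSHA2.GetHMAC(Body, STATE_KEY), P[4]) then Exit(False);
  if not TryStrToInt64(P[2], Issued) then Exit(False);
  if (NowUnix < Issued) or (NowUnix - Issued > MAX_AGE_SEC) then Exit(False);
  Result := IsSafeSessionID(P[3]);
  if Result then SessionID := P[3];
end;
var T: Int64; S, Sid: string;
begin
  T := DateTimeToUnix(TTimeZone.Local.ToUniversalTime(Now));
  S := MakeState('C001', 'U42', 'abc123_DEMO', T); // constructed sample values
  Writeln('fresh:    ', CheckState(S, T + 60, Sid));
  Writeln('expired:  ', CheckState(S, T + 600, Sid));
  Writeln('tampered: ', CheckState(S.Replace('U42', 'U99'), T + 60, Sid));
end.
```

The check covers only the state round trip; the `code` value returned on the callback still has to be redeemed at the token endpoint before the sign-on itself is verified.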