markdomansky / WebJEA

WebJEA - Secure Self Service Web Forms from PowerShell Scripts
GNU General Public License v3.0

Authenticate into Webjea via SAML on IIS #56

Open thlayli123 opened 3 years ago

thlayli123 commented 3 years ago

I know that normally WebJEA uses normal Windows authentication for each of the forms used. We've got a requirement to use our SAML provider to add MFA to the login process.

I'm going to test this in our dev environment, but wanted to ask if you see any issues with authenticating via SAML?

markdomansky commented 3 years ago

SAML hasn't been tested. It's on my roadmap to support.

thlayli123 commented 3 years ago

Just wanted to relay some info as we try to get SAML working... We ended up setting up a dev server using Shibboleth to try to get WebJEA configured as a SAML SP. We pass UID as DOMAIN\username. The webjea folder is protected, and passes the UID to WebJEA. The webjea.log file logs the correct username with this line:

2021-07-16 12:19:58.5958|Trace|1||DOMAIN\username|Page: Start

But it responds with the generic error.aspx page.

Just wanted to fill you in

Billabongodysee commented 2 years ago

We are currently using ADFS, WebAppProxy, and DUO to provide 2FA for our instance of WebJEA.

thlayli123 commented 2 years ago

@Billabongodysee Would you mind sharing more info about your ADFS/WebAppProxy setup? ADFS is new to me, and seems a bit daunting.

Billabongodysee commented 2 years ago

We have an external load balancer that forwards requests to a WebAppProxy, which forwards requests to ADFS for the purposes of DUO (MFA). Once that request has been satisfied, the WebAppProxy is just the middleman for access to the WebJEA server. Let me know if you have more questions.
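
A sketch of how a topology like the one described above is commonly published, added here as an example; it is not Billabongodysee's configuration or anything from the WebJEA project. It assumes AD FS 2016 or later, that the MFA adapter is already registered in AD FS, and that WebJEA keeps Windows authentication on IIS, so the proxy has to reach it through Kerberos constrained delegation. Every hostname, name and thumbprint is a placeholder.

```powershell
# Added example: all values below are constructed placeholders, not taken from this thread.
$rpName      = 'WebJEA'                                      # hypothetical relying-party name
$externalUrl = 'https://webjea.example.com/WebJEA/'          # URL users reach via the load balancer
$backendUrl  = 'https://webjea01.corp.example.com/WebJEA/'   # internal IIS server running WebJEA
$backendSpn  = 'HTTP/webjea01.corp.example.com'              # SPN the proxy requests a ticket for
$certThumb   = '<EXTERNAL-CERT-THUMBPRINT>'                  # certificate bound to the external name

# --- Run on the AD FS server ---
# WebJEA consumes a Windows identity rather than claims, so it is registered
# as a non-claims-aware relying party. The built-in access control policy
# below makes AD FS demand the additional (MFA) factor before it lets the
# proxy continue.
Add-AdfsNonClaimsAwareRelyingPartyTrust `
    -Name $rpName `
    -Identifier $externalUrl `
    -AccessControlPolicyName 'Permit everyone and require MFA'

# --- Run on the Web Application Proxy server ---
# Preauthentication is delegated to AD FS. After it succeeds, the proxy
# obtains a Kerberos ticket for the user and presents it to IIS, so WebJEA
# still sees DOMAIN\username through Windows authentication.
Add-WebApplicationProxyApplication `
    -Name $rpName `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName $rpName `
    -ExternalUrl $externalUrl `
    -ExternalCertificateThumbprint $certThumb `
    -BackendServerUrl $backendUrl `
    -BackendServerAuthenticationSPN $backendSpn

# Confirm the published application is preauthenticated rather than pass-through.
Get-WebApplicationProxyApplication -Name $rpName |
    Format-List Name, ExternalPreauthentication, ADFSRelyingPartyName, BackendServerAuthenticationSPN
```

The proxy's computer account needs constrained delegation with protocol transition to the backend SPN for the Kerberos step to work. The MFA requirement only holds if the WebJEA server is unreachable except through the proxy, since a direct connection to IIS would be authenticated by Windows authentication alone.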