cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to implement single sign on functionality?

Former Member

on ‎08-26-2014 5:08 PM

0 Kudos

Hi Friends,

We are trying to implement Single sign on functionality in our project wherein if a user is already logged onto our one of the systems, and tries to access our hybris application, then the user should be allowed to directly login without prompting for user ID and passwords. Any pointers would be highly appreciated. Thanks.

Regards,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎09-29-2014 10:57 AM
0 Kudos

Hi

I have done the configuration as mentioned in the tutorial. but I am getting the below mentioned issue during the server restart.

 ERROR [localhost-startStop-1] [ContextLoader] Context initialization failed
 org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [spring-security-config.xml]
 Offending resource: ServletContext resource [/WEB-INF/config/web-application-config.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
 Offending resource: ServletContext resource [/WEB-INF/config/spring-security-config.xml]
         at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
         at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
         at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:76)

Can you please suggest on this.

Show replies
Show replies
Former Member
‎11-12-2015 1:57 PM
0 Kudos

Hi,

Does any one know how to implement single sign on functionality using 'samlsinglesignon' extension introduced in hybris 5.7 version. Please provide if any idea or URLs available.

Thanks & Regards, Shanmuk

ArthurPerry
Employee
Employee
‎11-12-2015 5:36 PM
0 Kudos

Have you looked at the wiki? https://wiki.hybris.com/display/release5/samlsinglesignon+Extension

Former Member
‎09-25-2014 9:17 PM
0 Kudos

Hello Ravi,

Your one bet is to enable SAML in Spring security. However, as Art said it is your implementation that you have to POC and eventually rollout. You can refer it here http://projects.spring.io/spring-security-saml/ . Also note that your overall security should be federated in that scenario and also be SAML compliant. If the organization does not have SSO in place now, I would recommend 3rd party SSO solutions. However with those solutions some of the systems will fall outside (they may be legacy). In my practicle sense, SSO is pipe dream when you have more (varied) systems (count may affect the overall outcome) in the fold to be covered.

Hope that was helpful.

Show replies
Show replies
ArthurPerry
Employee
Employee
‎08-27-2014 5:56 PM
0 Kudos

I have moved the Storefront Single Sign On writeup to my public space so you should be able to access it now. Feel free to post follow up questions here!

Show replies
Show replies
Former Member
‎08-28-2014 10:38 AM
0 Kudos

Thanks Arthur. I read through the section and found out that you are taking use of cookies for SSO when there are a couple of sites in action.

Our requirement is a bit different. I will try to explain here. We have few applications running(only one application is hybris based).We have a web server in place where in we will pass a parameter in header with the UID of user.Now, if this UID is present in the header, we want to allow the user to directly enter into the hybris website without prompting for credentials. Hope I explained the requirement clearly. Please update in this regard.Thanks

former_member387866
Active Contributor
‎08-28-2014 12:53 PM
0 Kudos

Hi Ravi,

According to this post on the old forum,

There is no out-of-the-box solution for hybris - 3rd party login service integration. This is something you have to implement for yourself.

But the commenter does link to this other comment which may be of use.

However there is a possibility to implement it via spring security which is a more or less deep integration-issue in your project.

Former Member
‎02-15-2016 4:33 PM
0 Kudos

Hello Arthur,

Above solution is for same domain do we have anything which can work cross domain,between Hybris storefront and some third party site?

Thanks, Nidhi

former_member387866
Active Contributor
‎08-26-2014 5:14 PM
0 Kudos

Hello Ravi,

There are many search results on this topic on the Wiki.

Search results for Single Sign On.

To use SSO between Cockpits, this tutorial should help. The spring-security-config.xml file looks like it goes inside the WEB-INF directory.

If you require more customisation, you'll need to use Domain level cookies. So if you have sub-domains as follows 

storefront1.shop.com
storefront2.shop.com
Your Domain Level Cookie should be 
.shop.com

Write a custom RememberMeService, by extending an existing RememberMeService. There is once such service in the accelerator.

de.hybris.platform.yacceleratorstorefront.security.AcceleratorRememberMeServices
Overwrite the setCookie() method. When constructing the cookies in the setCookie() method, set it to a domain. 
cookie.setDomain(".shop.com");
Remember to add your bean to the spring-securiy-config.xml.

I hope these are of use to you, Luke

Show replies
Show replies
Former Member
‎08-26-2014 10:13 PM
0 Kudos

HI Luke,

Thanks for your response. I tried to view the link that you proposed but I believe I don't have permissions to view it. Request you to either enable the link for me or else please provide a detailed description here. Thanks.

former_member387866
Active Contributor
‎08-27-2014 5:54 PM
0 Kudos

I've edited the top level comment, because you couldn't see the blog post.

Former Member
‎11-14-2015 7:14 PM
0 Kudos

https://localhost:9002/samlsinglesignon/saml/yacceleratorstorefront/electronics/en/?asm=true&site=el... when i was hitting this url its goes to SSO Circle site Login once logged and then redirected to the storefront with ASM mode enabled.I was unable to logged in as ASM agent with the same username/email registered with on the SSO Circle.Again asking ASM agent login it was taking only username asagent and the password 123456

Ask a Question