Skip to Content
author's profile photo Former Member
Former Member

Change authentication provider for backoffice login

Does anyone know how I can change the authentication provider for the backoffice login? I would like to send the credentials to a middleware which authenticates the user against Okta or Ping Identity (to be decided) and then log the business user in or present an errror.

Add a comment
10|10000 characters needed characters exceeded

Related questions

6 Answers

  • author's profile photo Former Member
    Former Member
    Posted on May 04, 2018 at 02:42 PM

    I'm looking for the same. Anyone?

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 13, 2018 at 05:08 PM

    There is a bean with id backofficeAuthenticationProvider in backoffice extension, which you need to override. You can always check the backoffice spring security config in backoffice/web/webroot/WEB-INF/backoffice-spring-security.xml to know how it all is configured.

    Thanks, Marcin

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jul 16, 2018 at 07:41 AM

    Do you know how to create a authentication manager make a entry in spring xml and keep alias as backofficeAuthenticationProvider.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Feb 22, 2019 at 04:09 PM

    I am able to achieve this with following steps.

    1. Create MyBackofficeAuthenticationProvider which extends BackofficeAuthenticationProvider in the mybackoffice extension.

    2. In mybackoffice-spring.xml in the mybackoffice extension add the below code.

    3. Create a import.xml and imported the mybackoffice-spring.xml in it.

    4. Then add the below property in project.properties file of mybackoffice extension backoffice.additionalWebSpringConfigs.mybackoffice=classpath:/backoffice/spring/import.xml

    Add a comment
    10|10000 characters needed characters exceeded

    • Usama Shaikh Arvind Kumar Avinash

      Thank you for pointing this. I have added the code but don't know how it is not showing up here. I tried editing my answer also. Please find the code below for point #2

       <bean id="myBackofficeAuthenticationProvider"
             class="com.my.backoffice.security.MyBackofficeAuthenticationProvider">
           <property name="userDetailsService" ref="backofficeUserDetailsService"/>
           <property name="userService" ref="userService"/>
       </bean>
      
  • Posted on Feb 22, 2019 at 11:25 PM

    The best way to achieve this is to create a new web module which gets the user authenticated in the 3rd party system, once the user is authenticated, lookup for the user in Hybris Db, once you get the user you can generate Hybris Login Token cookie and redirect to Backoffice. The backoffice consumes the Login Token cookie to log in the user.

    This is the easiest approach for SSO in Hybris. For Reference you can check out Saml extensions.

    the code to generate cookie is

     private void storeToken(final HttpServletResponse response, final UserModel user)
         {
             try
             {
     
                 final String cookiePath = StringUtils.defaultIfEmpty(Config.getParameter(SingleSignOnConstants.SSO_COOKIE_PATH),
                         SingleSignOnConstants.DEFAULT_COOKIE_PATH);
     
                 UserManager.getInstance().storeLoginTokenCookie(
                         //
                         "LoginToken", // cookie name
                         user.getUid(), // user id
                         "en", // language iso code -- to pass user default language code
                         null, // UserManager passes encodedPassword if plainTextPassword is passed as null
                         cookiePath, // cookie path
                         StringUtils.defaultIfEmpty(Config.getParameter(SingleSignOnConstants.SSO_COOKIE_DOMAIN),
                                 SingleSignOnConstants.SSO_DEFAULT_COOKIE_DOMAIN), // cookie domain
                         true, // secure cookie
                         -1, // max age in seconds
                         response);
             }
             catch (final EJBPasswordEncoderNotFoundException e)
             {
                 throw new RuntimeException(e);
             }
         }
    
    
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Feb 25, 2019 at 06:15 AM

    Hi ,

    I have achieve this kind requirement to overridden (BackofficeAuthenticationProvider#checkBackofficeAccess) the same bean as like Usame in (custom-back-office-ext)-spring.xml.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.