We are implementing an SSO solution for our BOE server using Servlet filters. The first filter in the request chain takes care of logging in a user via a firm-standard web page and an external authentication service.
We propose the following design for our BOE-SSO filter:
// Imports needed by the filter class
import java.io.IOException;
import javax.servlet.*;
import com.crystaldecisions.sdk.exception.SDKException;
import com.crystaldecisions.sdk.framework.*;

// extractUserId() and isUserLoggedIn() are our own helpers; cmsEndpoint is a field read from the filter config
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String userId = extractUserId(request); // from proprietary security context set up by first filter in the chain
    ISessionMgr sm;
    try {
        sm = CrystalEnterprise.getSessionMgr();
        boolean loggedIn = isUserLoggedIn(userId); // Question 1 - What APIs would we use to determine whether a valid BOE user session exists?
        if (!loggedIn) {
            // create trusted principal and log in to BOE server
            ITrustedPrincipal trustedPrincipal = sm.createTrustedPrincipal(userId, cmsEndpoint);
            IEnterpriseSession enterpriseSession = sm.logon(trustedPrincipal);
            // Question 2 - Is it possible to set the groups to which the user contained in the EnterpriseSession is assigned, using the SDK APIs? We manage group assignments using an external service, and provided they match the groups used in defining entitlements in the BOE server, we prefer to manage the membership in our external service.
        }
    } catch (SDKException e) {
        throw new ServletException("BOE logon failed for user " + userId, e);
    }
    chain.doFilter(request, response); // continue the chain once a BOE session is established
}
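As an added example (not code from the original post), the sketch above written out as a complete filter class: the trusted-principal logon is done only when the HTTP session does not already hold a BOE session for the same user, the user id is taken solely from the attribute the upstream authentication filter sets (never from anything the client can supply), and the CMS session is released when the container session expires. The attribute names, the cmsEndpoint init-param and the IUserInfo-based identity check are assumptions; the SDK calls used are CrystalEnterprise.getSessionMgr(), createTrustedPrincipal(), logon(), getUserInfo() and logoff().

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import com.crystaldecisions.sdk.exception.SDKException;
import com.crystaldecisions.sdk.framework.CrystalEnterprise;
import com.crystaldecisions.sdk.framework.IEnterpriseSession;
import com.crystaldecisions.sdk.framework.ISessionMgr;
import com.crystaldecisions.sdk.framework.ITrustedPrincipal;

public class BoeSsoFilter implements Filter, HttpSessionListener {
    // Assumed attribute names: the upstream filter's user id, and our cached BOE session
    static final String UPSTREAM_USER_ATTR = "firm.sso.userId";
    static final String BOE_SESSION_ATTR = "boe.enterpriseSession";
    private String cmsEndpoint; // assumed web.xml init-param, e.g. "cmshost:6400"

    public void init(FilterConfig cfg) throws ServletException {
        cmsEndpoint = cfg.getInitParameter("cmsEndpoint");
        if (cmsEndpoint == null) {
            throw new ServletException("cmsEndpoint init-param missing");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Trust only the identity established by the first filter in the chain;
        // a header or parameter could be forged by the client.
        String userId = (String) request.getAttribute(UPSTREAM_USER_ATTR);
        if (userId == null) {
            throw new ServletException("upstream filter did not authenticate this request");
        }
        HttpSession http = request.getSession(true);
        IEnterpriseSession boe = (IEnterpriseSession) http.getAttribute(BOE_SESSION_ATTR);
        try {
            // Reuse the cached BOE session only if it belongs to the same user
            if (boe == null || !userId.equals(boe.getUserInfo().getUserName())) {
                if (boe != null) {
                    boe.logoff(); // identity changed: never hand one user another user's session
                }
                ISessionMgr sm = CrystalEnterprise.getSessionMgr();
                ITrustedPrincipal tp = sm.createTrustedPrincipal(userId, cmsEndpoint);
                boe = sm.logon(tp);
                http.setAttribute(BOE_SESSION_ATTR, boe);
            }
        } catch (SDKException e) {
            throw new ServletException("BOE trusted logon failed for " + userId, e);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }

    public void sessionCreated(HttpSessionEvent e) { }

    public void sessionDestroyed(HttpSessionEvent e) {
        // Release the CMS session when the container session ends so it is not left open
        IEnterpriseSession boe = (IEnterpriseSession) e.getSession().getAttribute(BOE_SESSION_ATTR);
        if (boe != null) {
            try { boe.logoff(); } catch (Exception ignored) { }
        }
    }
}
```

The class must be declared both as a filter (after the authentication filter) and as a listener in web.xml for the logoff-on-expiry path to run; the cached IEnterpriseSession is only as safe as the container session holding it, so the usual session settings (HttpOnly, Secure cookie, server-side expiry) apply to it as well.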