WebJEA icon indicating copy to clipboard operation
WebJEA copied to clipboard

Published 20 hours ago verified publisher icon markdomansky

Authenticate into Webjea via SAML on IIS

Open thlayli123 opened this issue 4 years ago • 5 comments

I know that normally Webjea uses normal windows authentication for each of the forms used. We've got a requirement to use our SAML provider to add MFA to the login process.

I'm going to test this in our dev environment, but wanted to ask if you see any issues with authenticating via SAML?

thlayli123 avatar Jun 24 '21 19:06 thlayli123

SAML hasn't been tested. It's on my roadmap to support.

markdomansky avatar Jun 27 '21 15:06 markdomansky

Just wanted to relay some info as we try to get SAML working... We ended up setting up a dev server using Shibboleth to try to get webjea configured as a SAML SP. We pass UID as DOMAIN\username. The webjea folder is protected, and passes the UID to webjea. The webjea.log file logs the correct username with this line: 2021-07-16 12:19:58.5958|Trace|1||DOMAIN\username|Page: Start But responds with the generic error.aspx page.

Just wanted to fill you in

thlayli123 avatar Jul 16 '21 20:07 thlayli123

We are currently using ADFS, WebAppProxy, and DUO to provide 2FA for our instance of WebJEA.

Billabongodysee avatar Sep 22 '21 13:09 Billabongodysee

@Billabongodysee Would you mind sharing more info about your ADFS/WebAppProxy setup? ADFS is new to me, and seems a bit daunting.

thlayli123 avatar Sep 29 '21 19:09 thlayli123

We have an external load balancer that forwards requests to a WebAppProxy, which forwards requests to ADFS for the purposes of DUO (MFA), once that request has been satisfied the WebAppProxy is just the middle man for access to the WebJEA server. Let me know if you have more questions.

Billabongodysee avatar Oct 01 '21 12:10 Billabongodysee