Skip to main content

Secure a Web App Using Shibboleth Saml

About 2 min

Enable SSO For A Header-Based Web App with Shibboleth

Preview

In this tutorial, we will use the Datawiza Access Proxy (DAP) to enable SSO for a header-based web App. The IdP we will use is Shibboleth Saml. We will use DAP's sidecar deployment mode, which means DAP and this app are running on the same server.

  • The application will run on localhost:3001.
  • The DAP will run on localhost:9772, which means the traffic to the app will reach DAP (running on port 9772) first and then be proxied to the application (running on port 3001).
  • We will provide the docker images for the DAP and this header-based application.

Part I: Shibboleth Saml Configuration

You will need to configure Datawiza as Service Provider (SP) in Shibboleth and get the following value:

  • Metadata Url

This value will later be used to set up Datawiza Access Proxy in Datawiza Cloud Management Console. Please follow IdP Configuration Guide: Shibboleth Saml instructions on how to get this key/value.

Part II: Create Application on Datawiza Cloud Management Console (DCMC)

You need to create an application and generate a keypair of (PROVISIONING_KEY, PROVISIONING_SECRET) for this app on the DCMC.

Please follow Step2 : Datawiza Cloud Management Console to configure. We will use Generic Saml as the IdP.

Part III: Run DAP With a Header-Based Application

You can use either Docker or Kubernetes to run DAP. The following is an example docker-compose.yml file. You may need to login to our container registry to download the images of DAP and the header-based app. See Step3 : Configure DAP and SSO Integration for more details or Deploy DAP with Kubernetes for Kubernetes-specific instructions.

version: '3'

services:
  datawiza-access-proxy:
    image: registry.gitlab.com/datawiza/access-proxy
    container_name: datawiza-access-proxy
    restart: always
    ports:
      - "9772:9772"
    environment:
      PROVISIONING_KEY: #############################
      PROVISIONING_SECRET: #############################

  header-based-app:
    image: registry.gitlab.com/datawiza/header-based-app
    container_name: ab-demo-header-app
    restart: always
    ports:
      - "3001:3001"

After executing docker-compose -f docker-compose.yml up, the header-based app should have SSO enabled with Shibboleth Saml. Open a browser and type in http://localhost:9772/. You should see the Shibboleth Saml login page as follows. Web App Shibboleth SAML SSO | DAP with Shibboleth

Part IV: Pass User Attributes to the Header-Based App

DAP gets user attributes from IdP and can pass the user attributes to the application via header or cookie.

Please follow the instructions of Step4 : Pass User Attributes to pass the user attributes to the header-based app, which is expecting:

  • email
  • firstname
  • lastname
  • username

After successfully configuring the user attributes, you should see the green check sign for each of the user attributes as follows. Web App Shibboleth SAML SSO | Shibboleth with DCMC attributes

Copyright © 2024 Datawiza Technologies Inc