Implementing SSO in enonic cloud

Hey guys, how are y’all?

For one of my clients I am required to implement Single Sign On for their AD. Thing is, their application is being hosted in enonic cloud. Do you guys know if that is possible?

I would love to be able to use https://github.com/Waffle/waffle for this one, or something like that. If otherwise possible, could you guys give me some directions on how I should approach that?

Thanks a bunch!

Are you saying that users who have logged in to their local Windows machine (with AD) should automatically be logged into XP?

I’m no hardcore AD expert, but one approach is using NTLM. There are even some implementations out there that could help you out such as https://www.ioplex.com/ and their Jespa library (sadly not open source, but not very expensive either). You could wrap this library into an IDprovider and get SSO.

Not sure what browsers actually support this though, so it should be verified acceptable with your client before you continue.

Normally, the best way to do SSO is having an actual SSO server implementing modern approaches such as JWT etc.

Hey, thanks for the reply!

So, the question was more focused on “Can Enonic Cloud handle those things?”, because for whatever approach I may want to use, the server will need to be configured to handle that.

I’m not sure I can authenticate someone in one domain, and have those credentials used in another one, do you see my point? Since my client’s server is enonic cloud…

By “domain”, are you thinking about AD domains, or internet domain names? Essentially Enonic Cloud would work fine with any SSO system as long as it is able to communicate with it.

You can also use direct logins against AD from Enonic using the LDAP plugin https://market.enonic.com/vendors/enonic/com.enonic.app.ldapidprovider - but I guess you already know this?

Right, we’re already using the LDAP app, and it’s working wonders. But we require the single sign-on stuff as well, instead of typing the username and password.

I was asking because most of those Java plugins I can think of are pretty specific on the server requirements, and I didn’t want to come up with a solution without knowing it would, indeed, work on Enonic Cloud. But since you said Enonic Cloud would work fine with that, I’ll go ahead and proceed. Should I have any trouble regarding the cloud, I’ll be in touch again haha.

Thanks!
