SAML and domain support

Jorge Villafuerte 3 years ago in Home Portal updated by Marcin Jakubowski 3 years ago 6

Do you have support for SAML or LDAP on your roadmap, to integrate XTRF with a federated identity system?

Also, do you have any plans to improve the access rights table, since it does not work really well when restricting permissions?


SAML or LDAP can already be integrated with XTRF by using authorization header injection by proxy. You isolate the application behind an authenticating proxy, and it only sends the proper header with the logged-in username. This was designed with SiteMinder in mind ( :) ) - the SM_USER header - but should work with any other authenticating proxy.

XTRF, however, cannot create new users with this mechanism; they have to be added beforehand.

Thanks for the explanation; however, it would be nice to have integration with SAML applications like Google or LastPass, for example. Same for LDAP.

Hi Marcin,

I have one more question: would it be possible to separate the client and vendor portals from the home portal? If we use the proxy, will it affect only the home portal or also the vendor/client portal?



Yes, for example for Apache HTTPD as a proxy:

<Location /xtrf/>
    AuthName "CROWD Auth"
    AuthType Basic
    AuthBasicProvider crowd
    # ... other details
    # Pass the authenticated username to the application in the auth header
    RequestHeader set "YOUR_AUTH_HEADER" %{REMOTE_USER}s
</Location>
ProxyPass / ajp:// max=30 retry=10 nocanon

Moreover, the header injection auth works only for the home portal, so you might even ignore the portal separation.
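
The layout from the answer above with the trust boundary made explicit, as an added example that is not part of the original thread or of XTRF's documentation: the identity header is removed from every incoming request at server level, and only the authenticated Location writes it back, so paths that `ProxyPass /` forwards outside `/xtrf/` never carry a client-supplied value to the backend. `YOUR_AUTH_HEADER` is the thread's placeholder, `BACKEND_HOST:BACKEND_PORT` is a placeholder for the AJP target the thread leaves out, and `Require valid-user` is an assumed access policy.

```apache
# Added example (assumptions: header name, backend address, access policy).
# Requires mod_headers, mod_proxy, mod_proxy_ajp and the Crowd auth provider
# already configured as in the thread.

# 1. Server level: drop any copy of the identity header sent by the client.
#    This runs for every request, including paths outside /xtrf/ that
#    "ProxyPass /" still forwards to the application.
RequestHeader unset "YOUR_AUTH_HEADER"

<Location /xtrf/>
    AuthName "CROWD Auth"
    AuthType Basic
    AuthBasicProvider crowd
    # ... other Crowd provider details, as in the thread

    # 2. Refuse the request unless authentication succeeded, so REMOTE_USER
    #    is always populated when the header below is written.
    Require valid-user

    # 3. Location-level directives are applied after the server-level unset,
    #    so the backend sees exactly one value, written by the proxy.
    RequestHeader set "YOUR_AUTH_HEADER" %{REMOTE_USER}s
</Location>

# 4. Forward to the application. BACKEND_HOST:BACKEND_PORT is a placeholder;
#    the backend listener should accept connections from this proxy only.
ProxyPass / ajp://BACKEND_HOST:BACKEND_PORT/ max=30 retry=10 nocanon
```

Because the application accepts whatever username arrives in this header, the setup is only as strong as the guarantee that no request reaches the backend without passing through the proxy.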