SAML 2.0 EE Plugin for 6.2 EESAML 2.0 EE Plugin for 6.2 EEhttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=598359232024-03-28T10:26:06Z2024-03-28T10:26:06ZRE: SAML 2.0 EE Plugin for 6.2 EEAlex Weirighttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1195681662020-07-09T07:46:10Z2020-07-09T07:46:10ZHi Olaf,not sure if anybody is still monitoring at these old threads ...We're now facing exactly the same problem with the SAML integration and I must admit I don't remember how to create hooks in Liferay 6.2. Is there maybe a guide available or would somebody who has already achieved this be willing to share the code? Many thanks in advance, AlexAlex Weirig2020-07-09T07:46:10ZRE: SAML 2.0 EE Plugin for 6.2 EEOlaf Kockhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=598646382015-09-25T08:58:53Z2015-09-25T08:58:53Z<div class="quote-title">Madan Nadgauda:</div><blockquote>Liferay will not support it if any customization is made.</blockquote><br /><br />Well, naturally Liferay can't support custom code, so reproducing issues must be possible in stock Liferay. If there's an issue in your custom resolving of user accounts, that can't be supported, but the other aspects typically can.<br /><br /><div class="quote-title">Madan Nadgauda:</div><blockquote>If we want to read the claim fields we may need to write a hook to read claim attributes and set it to Name ID field with in the code. This involves modifying SamlSpAutoLoginHook class to dig the Name ID from the attributes instead of using the one that's taken from subject . <br />..... <br />Is their a way to make this integration work with Name ID attribute set as transient with out any code changes as the client policy is they will not alter the response to suit our needs</blockquote><br /><br />The SAML plugin has an extension point named "UserResolver" (Java class/interface) that sounds like a good place to work on if I understand your problem correctly. I'd go through that. Google for "plugin to extend a plugin" - this probably will have to be done within the SAML plugin, not in Liferay core, so a hook won't help you.Olaf Kock2015-09-25T08:58:53ZSAML 2.0 EE Plugin for 6.2 EEMadan Nadgaudahttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=598359222015-09-24T21:17:31Z2015-09-24T21:17:31ZWe are using the SAML2.0 EE plugin downloaded from Market Place to do SSO with client internal portal. Liferay is set up as a SP (service provider). Currently we see the SAML request/response coming through OK but Liferay user is not logged in. One of the things is the IDP from client sets the Name ID field as transient and it gives the email address as a claim attribute which we map to the Liferay Email address field, which obviously is not working as of now. As a test when IDP response was changed to pass email address to Name ID attribute the integration worked.<br /><br />My understanding from going through various Liferay blogs is SAML only supports SSO if Name ID field is set to either email address or screenname as the case may be and uses this to log in the user. There's currently no support for picking up the principal name from SAML attribute. If we want to read the claim fields we may need to write a hook to read claim attributes and set it to Name ID field with in the code. This involves modifying SamlSpAutoLoginHook class to dig the Name ID from the attributes instead of using the one that's taken from subject . This change is more of a custom code and not a hook and Liferay will not support it if any customization is made. Is their a way to make this integration work