Open Closed

Role Assignment for SAML SSO Users in ABP.IO And How to generate access token in backend after SSO authenticated ? #7471


User avatar
0
Repunjay_TASC created
  • ABP Framework version: 7.4.2
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

We are integrating third-party SSO SAML2.0, User will authenticated from that IDP. And get redirected our application to successful authentication. Once user land in our application it will be authorize to assign proper role. Process :-

  1. We do not maintain user information in our database; however, we do assign roles to users because the role and the user link are part of the ABP table. So how we can assign a role without user information?

  2. we are try to add entry in abp user table only with email id then there some required fields which we have to insert password and all how we are going to insert information.


12 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    So how can you assign a role without user information?

    It is not possible. The UserManager/RoleManager needs the IdentityUser and IdentityRole.

    we are try to add entry in abp user table only with email id then there some required fields which we have to insert password and all how we are going to insert information.

    You can use the constant value for these properties.

  • User Avatar
    0
    Repunjay_TASC created

    hi

    So how we can assign a role without user information?

    It is not possible. The UserManager/RoleManager needs the IdentityUser and IdentityRole.

    we are try to add entry in abp user table only with email id then there some required fields which we have to insert password and all how we are going to insert information.

    You can use the constant value for these properties.

    You are suggesting that a constant value must be used for required properties when adding user information to the user and role tables But the user logged in with a different password from IDP and our database had a different password, this scenario did not work for SSO.

  • User Avatar
    0
    Repunjay_TASC created

    Any update ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    But the user logged in with a different password from IDP and our database had a different password, this scenario did not work for SSO.

    You can disable password login on your website. The user can only log in with an external provider(IDP).

    If you can get password from IDP then you can set it as your local user password.

    However, generally, local users' passwords can be different from those of IDP users. For example, you can use a Google account to log in to a website and set a website password, which can be different from that of Google.

  • User Avatar
    0
    Repunjay_TASC created

    ok thanks for update

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

  • User Avatar
    0
    Repunjay_TASC created

    in AbpUsers table isExternal column present what is use of this column ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
  • User Avatar
    0
    Repunjay_TASC created

    ok thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

  • User Avatar
    0
    Repunjay_TASC created

    I have created this ticket regarding SSO only, but no one reply on this and it's high priority. can you pls help on this as well ? https://support.abp.io/QA/Questions/7481/Add-an-public-page-to-Angular-site-without-Authorization

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Our angular team will reply asap.

    sorry for that.

Made with ❤️ on ABP v9.0.0-preview Updated on July 18, 2024, 06:07