Single Sign On - SSO

Introduction

The user logs in to an external system or identity provider and implicitly gains access to Joget without being prompted to log in again.

Joget SSO on G Suite

See Joget Low Code Application Platform for G Suite.

Joget SSO with Keycloak

See Joget SSO with Keycloak.

Joget SSO with Azure Active Directory

See Joget SSO with Azure Active Directory.

Joget SSO to Active Directory with Kerberos

See Joget SSO to Active Directory with Kerberos.

OpenID Connect

See OpenID Connect Directory Manager Plugin.

Joget SharePoint SSO Integration

See Joget SharePoint SSO Integration.

Log In a User Programmatically

You can build your own Web Service Plugin to perform a custom SSO implementation.

import org.joget.apps.workflow.security.WorkflowUserDetails;
import org.joget.directory.model.service.DirectoryManager;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.apps.app.service.AppUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.joget.directory.model.User;
import org.joget.workflow.util.WorkflowUtil;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
  
//Get service beans
DirectoryManager dm = (DirectoryManager) AppUtil.getApplicationContext().getBean("directoryManager");
WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");
  
//Login as "clark" (in a real plugin, take the username only from an identity that has already been verified)
String username = "clark";
User user = dm.getUserByUsername(username);
 
if (user != null) {
    WorkflowUserDetails userDetail = new WorkflowUserDetails(user);
  
    //Generate an authentication token without a password
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userDetail.getUsername(), "", userDetail.getAuthorities());
    auth.setDetails(userDetail);
    //Login the user
    SecurityContextHolder.getContext().setAuthentication(auth);
    workflowUserManager.setCurrentThreadUser(user.getUsername());
 
    // generate new session to avoid session fixation vulnerability
    HttpServletRequest httpRequest = WorkflowUtil.getHttpServletRequest();
    HttpSession session = httpRequest.getSession(false);
    if (session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST");
        session.invalidate();
        session = httpRequest.getSession(true);
        if (savedRequest != null) {
            session.setAttribute("SPRING_SECURITY_SAVED_REQUEST", savedRequest);
        }
    }
}

Note that if you add this code in a filter, you will need to store the SecurityContext in the session.

//Store the SecurityContext in the session so that Spring Security does not clear it.
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
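
The login code above signs a user in without checking any credential, so a custom SSO web service has to establish the username from something it has verified first. The following is an added example, not part of the original page or of Joget's code, showing one such check in plain Java; the token layout, the class name SsoTokenCheck, the methods verifiedUsername and sign, and the shared key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not Joget code. Assumed token layout:
//   username|expiryEpochSeconds|base64url(HMAC-SHA256(key, "username|expiryEpochSeconds"))
public class SsoTokenCheck {

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the username only when the signature verifies and the token is unexpired, else null.
    static String verifiedUsername(String token, byte[] key, long nowEpochSeconds) {
        try {
            if (token == null) return null;
            String[] parts = token.split("\\|", -1);
            if (parts.length != 3 || parts[0].isEmpty()) return null;
            byte[] expected = hmac(key, parts[0] + "|" + parts[1]);
            byte[] supplied = Base64.getUrlDecoder().decode(parts[2]);
            // Check the signature (constant-time) before interpreting any signed field.
            if (!MessageDigest.isEqual(expected, supplied)) return null;
            if (Long.parseLong(parts[1]) < nowEpochSeconds) return null;
            return parts[0];
        } catch (Exception e) {
            return null; // malformed Base64, non-numeric expiry or unusable key: fail closed
        }
    }

    static String sign(String username, long expiry, byte[] key) throws Exception {
        String body = username + "|" + expiry;
        return body + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(key, body));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        long now = System.currentTimeMillis() / 1000;
        String good = sign("clark", now + 60, key);
        String forged = "admin" + good.substring(good.indexOf('|')); // username swapped, signature reused
        String expired = sign("clark", now - 1, key);
        System.out.println(verifiedUsername(good, key, now));
        System.out.println(verifiedUsername(forged, key, now));
        System.out.println(verifiedUsername(expired, key, now));
    }
}
```

Pass only a non-null result to dm.getUserByUsername(...) in the login code above. The short expiry limits, but does not eliminate, replay of a captured token.
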
Created by Julieth. Last modified by Aadrian on Dec 13, 2024.