devops - Configuration OpenAm as an intermediate authentication REST-service which uses another service to authenticate

Question

I have a really interesting and difficult task. What I need is to realise next authentication chain.

Imagin, that you have a secured application, lets it's going to be java Spring Boot app, but it's not matter. And the authentication flow is going to be next:

1. User goes to my Spring Boot App in the first time and see login form.
2. User types his username and password.
3. My app takes this data and send REST-request to openAm instance.
4. OpenAm instance recieves request, takes user credentials and send another authentication request to another identity service via SAML.
5. If identity service says, that user exists, OpenAm configures JWT-Token and send it back to my app in response.
6. My app send this JWT back to client, and client sends this jwt-token with every next request to my backend, which validates this token.

My problem is that I am new in SSO and OpenAm particulary. But what I'v already done is I cinfigured two instances of OpenAm. One works as Identity Server, and the second works as Service Provider. But I have no idea what to do next.

How to configure OpenAm instance which works as Service Provider to be able to recieve simple REST request with user credentials and send it to Identity Provider via SAML next? And is it even possible to implement my case?

Thank you!

question from:https://stackoverflow.com/questions/66059390/configuration-openam-as-an-intermediate-authentication-rest-service-which-uses-a

Answer 1

This does not work when you use OpenAM REST based authentication, however it would work when you just do SSO from your App with OpenAM ,e.g. via SAML or OIDC or REST SSO call. OpenAM could then act as a 'federation hub'. At OpenAM you can delegate the Authentication via SAML or OIDC to an upstream IdP where the actual authentication happens.