Authenticate into Webjea via SAML on IIS

[thlayli123]

I know that normally Webjea uses normal windows authentication for each of the forms used. We've got a requirement to use our SAML provider to add MFA to the login process.

I'm going to test this in our dev environment, but wanted to ask if you see any issues with authenticating via SAML?

[markdomansky]

SAML hasn't been tested. It's on my roadmap to support.

[thlayli123]

Just wanted to relay some info as we try to get SAML working... We ended up setting up a dev server using Shibboleth to try to get webjea configured as a SAML SP. We pass UID as DOMAIN\username. The webjea folder is protected, and passes the UID to webjea. The webjea.log file logs the correct username with this line: 2021-07-16 12:19:58.5958|Trace|1||DOMAIN\username|Page: Start
But responds with the generic error.aspx page.

Just wanted to fill you in

[Billabongodysee]

We are currently using ADFS, WebAppProxy, and DUO to provide 2FA for our instance of WebJEA.

[thlayli123]

@Billabongodysee Would you mind sharing more info about your ADFS/WebAppProxy setup? ADFS is new to me, and seems a bit daunting.

[Billabongodysee]

We have an external load balancer that forwards requests to a WebAppProxy, which forwards requests to ADFS for the purposes of DUO (MFA), once that request has been satisfied the WebAppProxy is just the middle man for access to the WebJEA server. Let me know if you have more questions.