Bonita REST call from an external web page when SAML SSO is enabled

I have a web page hosted outside Bonita and I need to call a Bonita REST API endpoint to display some Bonita-related information. For instance, I want to display the number of tasks which are assigned to the current user.

In my use case, SSO with SAML is enabled on Bonita. It uses the same identity provider as my external website.

How can I make this REST API call from some frontend code in my web page in order to leverage the SSO transparently?

Hello,

This use case is not covered by the actual implementation of SAML for Bonita.

But you may try one of the following solutions (I have no time to test it for the moment):

Solution 1:

- Edit the Bonita web.xml file to add the API URL pattern to the SAML filter,

    <filter-mapping>
        <filter-name>SAMLFilter</filter-name>
        ...
        <url-pattern>/API/*</url-pattern>
        ...

- then verify that your Bonita platform is well configured for CORS (see https://documentation.bonitasoft.com/bonita/7.11/enable-cors-in-tomcat-bundle and https://community.bonitasoft.com/blog/manage-web-browsers-new-cors-behavior )

This solution would be the best and may work without a custom SAML filter implementation.

The only bad side effect is that in case the session is in timeout, the API call would return the IDP Login page. So you may need to handle this in the web application that triggers the API call.

Solution 2:

This one is more Bonita-oriented.

- You could create a custom page "Bonita-related-information-page" that displays the information you need,

- verify that this page will be available for all the users you need (Create a dedicated profile? Or add this page as an orphan page in a Living Application?).

- include an iframe in your web application that targets the "Bonita-related-information-page"

Using this solution, you don't need any extra SAML configuration, nor any CORS configuration.

 

Let me know if one of those solutions works for you,

Julien.
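
One way the external page's frontend could make the call described in Solution 1 and handle the case where an expired session returns the IdP login page instead of JSON. This is an added example, not code from the answer above or from Bonita; the base URL, the function names and the error class are assumptions.

```javascript
// Added example. BONITA_BASE is a placeholder, not a value from the page.
const BONITA_BASE = 'https://bonita.example.com/bonita';

class SessionExpiredError extends Error {}

// Classify a fetch Response: 'json' (API data), 'login' (the SAML filter
// answered with the IdP login page or a redirect to it), or 'error'.
function classifyApiResponse(response, baseUrl = BONITA_BASE) {
  const contentType = (response.headers.get('content-type') || '').toLowerCase();
  const finalOrigin = response.url ? new URL(response.url).origin : null;
  const leftBonita = response.redirected && finalOrigin !== new URL(baseUrl).origin;
  if (leftBonita || response.status === 401) return 'login';
  // A 200 text/html body on an /API/* call is the login page, not API data.
  if (contentType.startsWith('text/html')) return 'login';
  if (response.ok && contentType.startsWith('application/json')) return 'json';
  return 'error';
}

// Call a Bonita REST path with the browser's session cookie attached.
async function callBonitaApi(path, { fetchImpl = globalThis.fetch, baseUrl = BONITA_BASE } = {}) {
  let response;
  try {
    response = await fetchImpl(baseUrl + path, {
      credentials: 'include', // cross-origin cookies; CORS must allow credentials
      headers: { Accept: 'application/json' },
    });
  } catch (err) {
    // A redirect to an IdP that sends no CORS headers surfaces as a TypeError.
    throw new SessionExpiredError('Request blocked; the SSO session may have expired');
  }
  const kind = classifyApiResponse(response, baseUrl);
  if (kind === 'login') throw new SessionExpiredError('Bonita session expired; re-authenticate');
  if (kind === 'error') throw new Error(`Bonita API returned HTTP ${response.status}`);
  return response.json();
}
```

On `SessionExpiredError` the page can send the user through the SSO login in a top-level navigation and retry afterwards, rather than trying to parse the HTML as JSON.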

 

Thanks for these solutions!