Configuring Authentication and Authorization is Not Obvious

[grahamc]

The current documentation makes it pretty difficult to understand and follow how to use the OneLogin SAML authentication provider. After a few hours of debugging and digging I discovered you need to specify authorizationProviders in order for any pages to be made private.

NOTE: The current AuthorizationProviders only require auth for browser requests, so scripts using the API may not require authorization. YMMV, be careful.

This is the configuration I ended up with which successfully uses OneLogin's SAML authentication mechanism:

grails {
        awsAccounts=['YOURACCTNUMBER']
        awsAccountNames=['YOURACCTNUMBER':'accountnickname']
}

plugin {
        authenticationProvider='oneLoginAuthenticationProvider'
        authorizationProviders=['restrictBrowserAuthorizationProvider','restrictEditAuthorizationProvider']
}

secret {
        accessId='YOURACCESSID'
        secretKey='YOURSECRETKEY'
}

security {
        onelogin {
                url='https://app.onelogin.com/trust/saml2/http-post/sso/...'
                logoutUrl='https://app.onelogin.com/logout'
                certificate = 'certificate-base64-encoded'
        }
}

cloud {
        envStyle='prod'
        accountName='accountnickname'
        publicResourceAccounts=['amazon']
}

[thomastheakanath]

Which are the other SAML AuthenticationProviders supported? Wonder if it is feasible to implement something internally using MS Active Directory.