We have been able to connect to our IDP using the JEE-based demo app https://github.com/pac4j/jee-pac4j-demo as a reference, by providing the necessary data for the Hana IDP.
Our product's internal architecture is based on:
- JEE [frontend], core Java [backend] & C++ [backend].
- JEE requests an enterprise session by requesting a user credential OR by trusted authentication to the backend. On successful validation the backend provides an enterprise session for the user.
The pac4j JEE-based implementation with SAML is suitable for our architecture.
But one problem we are facing:
- After user authentication has happened between the IDP and SP, how can the user be authenticated in our backend for a valid session [our enterprise session]?
- Is there any information [like an assertion or some other data] we can extract from the pac4j SP and pass to our backend for further verification on the backend side?
Here is the reference code we have used for connecting and authenticating with the Hana IDP.
```java
public Config build(final Object... parameters) {
    // ......
    // SAML2 configuration: SP keystore, keystore password, private key password, IDP metadata
    final SAML2Configuration cfg = new SAML2Configuration("resource:samlKeystore.jks",
            "Password1",
            "Password1",
            "resource:samltest-providers.xml");
    // ......
    // accept an IDP authentication that is at most one hour old
    cfg.setMaximumAuthenticationLifetime(3600);
    cfg.setServiceProviderEntityId("http://xx.xx.xx.xx:8080/callback?client_name=SAML2Client");
    cfg.setServiceProviderMetadataPath(new File("sp-metadata.xml").getAbsolutePath());
    final SAML2Client saml2Client = new SAML2Client(cfg);
    // ......
    // all clients share the same callback URL; pac4j selects one via client_name
    final Clients clients = new Clients("http://xx.xx.xx.xx:8080/callback", oidcClient, saml2Client, facebookClient,
            twitterClient, formClient, indirectBasicAuthClient, casClient, stravaClient, parameterClient,
            directBasicAuthClient, new AnonymousClient(), casProxy);
    final Config config = new Config(clients);
    config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
    config.addAuthorizer("custom", new CustomAuthorizer());
    // .....
    // destroy the web session on logout
    final DefaultSessionLogoutHandler defaultCasLogoutHandler = new DefaultSessionLogoutHandler();
    defaultCasLogoutHandler.setDestroySession(true);
    config.setSessionLogoutHandler(defaultCasLogoutHandler);
    return config;
}
```
Your valuable advice will be really helpful.
Regards
Rajib
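One way to approach the second question, as an added example that is not part of the original post or of pac4j: instead of forwarding the raw SAML assertion, let the SP (where pac4j has already validated the SAML response) mint a short-lived HMAC-signed hand-off token from the profile fields the backend needs, and let the backend verify that token before it creates the enterprise session. It assumes a random secret shared between SP and backend and that the SP reads the subject and session index from the SAML2Profile pac4j stores after the callback; the code itself uses only the JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hand-off token from the pac4j SP (JEE frontend) to the enterprise backend: minted only after pac4j has
// validated the SAML response, checked (MAC + age) by the backend before it creates the enterprise session.
public final class SessionHandoff {
    private static final String ALG = "HmacSHA256";
    private static final long MAX_AGE_SECONDS = 60; // used once, right after login, so keep the window short
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // SP side: nameId / sessionIndex come from the SAML2Profile pac4j stores after the callback (assumed).
    public static String mint(byte[] sharedKey, String nameId, String sessionIndex, long issuedAtEpochSeconds) {
        String payload = b64(nameId) + "." + b64(sessionIndex) + "." + issuedAtEpochSeconds;
        return payload + "." + ENC.encodeToString(hmac(sharedKey, payload));
    }

    // Backend side: returns {nameId, sessionIndex} when the token is genuine and fresh, otherwise null.
    public static String[] verify(byte[] sharedKey, String token, long nowEpochSeconds) {
        String[] p = token.split("\\.", -1);
        if (p.length != 4) return null;
        byte[] given;
        long issuedAt;
        try {
            given = DEC.decode(p[3]);
            issuedAt = Long.parseLong(p[2]);
        } catch (IllegalArgumentException e) { // malformed base64 or timestamp
            return null;
        }
        String payload = p[0] + "." + p[1] + "." + p[2];
        if (!MessageDigest.isEqual(hmac(sharedKey, payload), given)) return null; // constant-time compare
        if (nowEpochSeconds < issuedAt || nowEpochSeconds - issuedAt > MAX_AGE_SECONDS) return null;
        return new String[] { unb64(p[0]), unb64(p[1]) };
    }

    private static byte[] hmac(byte[] key, String data) {
        try {
            Mac mac = Mac.getInstance(ALG);
            mac.init(new SecretKeySpec(key, ALG));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    private static String unb64(String s) { return new String(DEC.decode(s), StandardCharsets.UTF_8); }
}
```

The backend should additionally record each accepted token (or its timestamp per subject) so the same hand-off cannot be presented twice within the 60-second window.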