Hi We have Appian installed and configured it with SSO for authentication.

Take a look at the documentation here for tips on creating a custom authentication filter:
forum.appian.com/.../Authentication.html

I have gone through the custom Filter documentation. It says we need to extend our custom filter from AbstractAuthenticationProcessingFilter class. But i could not see AbstractAuthenticationProcessingFilter class in the Appian suite Public API.
So I am not sure where this AbstractAuthenticationProcessingFilter can be located?
Also how to deploy my custom filter java file?

Documentation provides spring bean configuration for myfilter as below:
<bean id="myFilter" class="com.appiancorp.MyFilter">
<property name="sessionAuthenticationStrategy">
<ref bean="sessionAuthenticationStrategy"/>
</property>
...
</bean>

i.e com.appiancorp.MyFilter references sessionAuthenticationStrategy.
but i didnt see any bean definition for sessionAuthenticationStrategy in my spring-security-03-auth-mgr-override.xml.
So I am not sure how my filter gets linked in the spring security call chain for authentication.

Appreciate your help in clarifying these questions. Also Please provide me if you have a sample for this requirement.

thanks a lot
Jhothi

AbstractAuthenticationProcessingFilter is a Spring class:
docs.spring.io/.../AbstractAuthenticationProcessingFilter.html

To create a bean definition for a custom Java class take a look at this example:
forum.appian.com/.../Additional_Authentication_Examples.html

Hi Aleksi White

Thanks so much for your help. I am getting clear picture now. Just two questions:
1) Where do I place my custom Java class for filter ? Will it work if I place the class file in <appianinstallfolder>\\ear\\suite.ear\\web.war\\WEB-INF\\classes
2) <ref bean="sessionAuthenticationStrategy"/> - org.springframework.security.web.authentication.session.SessionAuthenticationStrategy is an interface in spring framework. Does Appian recommend any specific implementation for this interface?

thanks
Jhothi.

1) I would recommend that you create a .jar file for that class. Then place it in <APPIAN_HOME>/ear|runtime_ear/suite.ear/lib and restart the application server to pick up the new jar
2) As far as I know we have no preference for how this should be implemented

Hi
As Discussed I created a class called com.example.MyFilter that extends AbstractAuthenticationProcessingFilter. Here is my bean configuration:
<bean id="myFilter" class="com.example.MyFilter">
<property name="sessionAuthenticationStrategy" ref="webApiSessionAuthenticationStrategy" />
<property name="authenticationDetailsSource" ref="webApiAuthenticationDetailsSource"/>
<property name="authenticationManager" ref="authenticationManager" />
<property name="successHandler" ref="MyAuthenticationSuccessHandler" />
</bean>

I created MyAuthenticationSuccessHandler class and overrriden the onAuthenticationSuccess method which will notify me successful authentication and here i can write code for triggering a business process automatically on login.

Also I created com.example.MyFilter that extends AbstractAuthenticationProcessingFilter and overridden the requiresAuthentication method as specified in the link:
forum.appian.com/.../Authentication.html

But this AbstractAuthenticationProcessingFilter has one more unimplemented method called "attemptAuthentication". When i read the spring documentation, I understood that "attemptAuthentication" method does the actual authentication.

In my implementation I need the authentication from SSO and i dont want to override how user gets authenticated. All I need is to get a handle to AuthenticationSuccess.
Since attemptAuthentication is unimplemented method, I am not sure how to proceed now?

Please help.
Also please suggest me whether this approach works for my requirement - triggering a business process automatically after SSO login.

Thanks in advance
Jhothi

At this point the details are getting out of my area of expertise. I would recommend contacting your Appian POC and working with Professional Services on this.