We already have an IDP. We already have a metadata.xml.
The Application uses Netbeans, Tomcat and Apache. It is not Maven. Just Java.
We need to implement SAML SSO into this non-Maven application.
What is the most straight forward solution?
There are a number of Java libraries that allow one to integrate with a SAML IdP. Here is what comes to mind:
Spring Security SAML: https://github.com/spring-projects/spring-security-saml with a sample application demonstrating the functionality: https://github.com/UniconLabs/spring-security-saml-java-sp
Note that SS SAML uses OpenSAML v2 which has been long deprecated. There are plans to get it updated "soon", but nothing official yet.
You may also use pac4j: http://www.pac4j.org/2.2.x/docs/clients/saml.html This is a Java library based on OpenSAML v3 that provides most if not all of SS SAML functionality in its own ways.
Related
I am looking for saml integration with spring application. I have read some of documents but mostly all are based on spring boot application. Can someone help me to integrate saml in spring application for sso Or suggest the good document guide for the same.
Thanks in advance.
You should be able to take advantage of the Spring Security SAML project:
https://github.com/spring-projects/spring-security-saml
There is a sample project in the repository that demonstrates how one may be able to use the library. It's located here:
https://github.com/spring-projects/spring-security-saml/tree/master/sample
Note that the current official release of this extension builds against OpenSAML v2, and there is a develop branch that is in the process of updating to OpenSAML v3. You are welcome to try and see how that might work for you.
There is also the pac4j project which likewise, allows you build SAML2 SP support into your app and integrate with an identity provider:
http://www.pac4j.org/3.6.x/docs/clients/saml.html
I am working on one Java based web application where I need to write Java code so that this web application can talk to ADFS for authentication purpose.
How to achieve it?
For ADFS 2.0, you can use WS-Federation or SAML.
You need to implement a client-side stack that will handle all the protocol details for you.
Refer: SAML : SAML connectivity / toolkit.
I'm working on a pure Java web application that uses an embedded Jetty and I want to integrate a Shibboleth login. To do this, I'm following switch.ch's guide for Shibboleth Service Provider Deployment, which states:
The Shibboleth Service Provider consists of a daemon shibd running on
all major operating systems and a web server module mod_shib which is
natively supported by:
Apache web servers (versions 1.3.x, 2.x)
IIS (versions 6, 7 and 8)
My question is, is there a way to integrate Shibboleth SSO in my Java web application without using an Apache web server or IIS running shibd? Maybe somebody has done this before and could provide example Servlets/Filters or the like?
I don't want an Webserver in front of the application just for Shibboleth, because it would complicate the installation. Currently, the installation is just two steps: extract the artefact and run the start script and I would appreciate if I could keep it like this.
The Shibboleth Service Provider takes care of a lot of complex use cases like key rotation, metadata refreshing, and attribute re-mapping. If you have an incredibly simple use case, where you need to authenticate users from one Shibboleth Identity Provider that rarely changes, you can consider validating the SAML 2.0 assertion in your Java code directly.
If you use spring-security already, you should probably start by looking at the spring-security-saml project:
http://projects.spring.io/spring-security-saml/
Alternatively, you can start with a low-level library like OpenSAML (https://wiki.shibboleth.net/confluence/display/OpenSAML/Home) or you can start with a higher level library like the LastPass Java SAML SDK (https://github.com/lastpass/saml-sdk-java).
Putting shibboleth sp with web server in front is the easiest way out. Additionally you can add servlet filter and check header , if you find all attributes released by idp validate them against your identity store just for assertion.
I am developing an application on Google App Engine in java. In this application I have to implement SSO using SAML2. My google app engine application will act as service provider and identity provider will be a separate server. I have just to write the SP side of SSO. I am new to SAML and did much google on SAML and come to basic flow of user authentication in SSO. I found opensaml library that can be used to handle SAML messages between Idp and SP. I also found Shibboleth which is the implementation of opensaml library. I am very confuse on the decision of choosing opensaml or Shibboleth. can anyone suggest me on choosing opensaml or Shibboleth and if some one have found any tutorial on SP implementation of SSO in Google app engine he can also share it.
You can embed Spring SAML Extension (product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider.
You can see a working demo of such approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP.
Shibboleth doesn't provide a SAML SP component which can be embedded into applications. The Shibboleth SPs act as plugins to Apache or IIS web servers and cannot be used with Google App Engine.
You can also see the Spring SAML as an example of SAML 2.0 WebSSO implementation to follow in case you'd like to write it youself. Latest documentation is available in Spring repos, sources are at GitHub.
I am developing RESTFUL Java application in this i use JERSEY library. In my application i have to authenticate user with spring security OAuth 2.0 library. I am in need of both provider and client. I have searched lot in internet.
Can any one share a simple example or any nice tutorial with basic steps
Thanks in advance