I am developing an application on Google App Engine in Java. In this application I have to implement SSO using SAML2. My Google App Engine application will act as the service provider, and the identity provider will be a separate server. I just have to write the SP side of SSO. I am new to SAML; I did a lot of searching on SAML and came to understand the basic flow of user authentication in SSO. I found the opensaml library, which can be used to handle SAML messages between the IdP and SP. I also found Shibboleth, which is the implementation of the opensaml library. I am very confused about choosing between opensaml and Shibboleth. Can anyone advise me on choosing opensaml or Shibboleth? And if someone has found a tutorial on SP implementation of SSO on Google App Engine, please share it.
You can embed Spring SAML Extension (a product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider.
You can see a working demo of such an approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP.
Shibboleth doesn't provide a SAML SP component which can be embedded into applications. The Shibboleth SPs act as plugins to Apache or IIS web servers and cannot be used with Google App Engine.
You can also see the Spring SAML as an example of a SAML 2.0 WebSSO implementation to follow in case you'd like to write it yourself. The latest documentation is available in the Spring repos; sources are on GitHub.
Related
I have a web application which allows only Google users and uses spring-boot-starter-oauth2-client to obtain authentication. I want to integrate the Google API into my application, but all the examples use their own OAuth2 process to authenticate the user. How can I reuse the existing Spring Boot Google login for interaction with Google API services?
Thanks!
You have to use the spring-boot-starter-oauth2-client dependency, which allows client registration for OAuth2 providers, but before that you need the client-id and client-secret provided by your OAuth2 provider (such as Google). Here's a nice guide on how to do that.
We already have an IDP. We already have a metadata.xml.
The application uses NetBeans, Tomcat and Apache. It is not Maven. Just Java.
We need to implement SAML SSO into this non-Maven application.
What is the most straightforward solution?
There are a number of Java libraries that allow one to integrate with a SAML IdP. Here is what comes to mind:
Spring Security SAML: https://github.com/spring-projects/spring-security-saml with a sample application demonstrating the functionality: https://github.com/UniconLabs/spring-security-saml-java-sp
Note that SS SAML uses OpenSAML v2 which has been long deprecated. There are plans to get it updated "soon", but nothing official yet.
You may also use pac4j: http://www.pac4j.org/2.2.x/docs/clients/saml.html This is a Java library based on OpenSAML v3 that provides most if not all of SS SAML functionality in its own ways.
I am working on a Java-based web application where I need to write Java code so that this web application can talk to ADFS for authentication purposes.
How can I achieve this?
For ADFS 2.0, you can use WS-Federation or SAML.
You need to implement a client-side stack that will handle all the protocol details for you.
Refer: SAML : SAML connectivity / toolkit.
I am creating a web application on GAE. In this application I have to implement the SSO feature using SAML 2.0. I have been surfing the web a lot but didn't find any example. I have learned how SAML works and which library I have to use in Java. But before starting, I want to know if this feature is possible in GAE. I know Google Apps are based on SAML and provide SSO functionality. But I didn't find any link where it is stated that GAE also supports SAML and that we can create a SAML application on GAE. Thanks
I have done some integration with my demo Google App Engine account. Here I used a Java-based SAML2 IDP on my local machine, which was connected to an LDAP user store. Using this IDP, I could log in to the Google app account. Here is what I understood. We need to configure the IDP details (URI and so on) in the Google account and upload a certificate of my IDP. Then I want to create the same user which was in my IDP in the Google app account (I guess it is for authorization purposes). Once I tried to log in to the Google app, it redirected me to my local SAML2 IDP and I needed to provide user credentials to the IDP. Then I would be directed to the Google app and could log in to it. Here is some guide on how to enable SAML2 SSO with Shibboleth. I guess this would help you.
I am developing a RESTful Java application in which I use the Jersey library. In my application I have to authenticate users with the Spring Security OAuth 2.0 library. I need both provider and client. I have searched a lot on the internet.
Can anyone share a simple example or a nice tutorial with the basic steps?
Thanks in advance