Spring Security SAML Implementation
I am starting with a new Spring project where I am planning to use SSO. I have read the blogs and come to know Spring Security SAML will be the best solution for SP.
So I have implemented the Spring Security SAML sample application provided by the Spring site https://github.com/SpringSource/spring-security-saml as SP along with Shibboleth IDP.
IDP connects with LDAP server. I am able to execute the Spring Security sample application.
I am confused about how I can use this Spring Security SAML extension along with multiple Spring projects.
Any example link or suggestions on architecting the Spring SAML project integration with multiple Spring MVC applications will be helpful.
Provided your REST APIs are only called by the web application which is deployed together with them (in a single war and therefore sharing the same HTTP session) you can use Spring SAML + Spring Security to secure them.
Spring SAML will be used to authenticate the users against a remote IDP and populate their entitlements (granted authorities); Spring Security can then be used to define security policies for the APIs called from the UI.
In case you want to be able to call the REST APIs from remote clients, you may want to look into the Spring Security OAuth project - as this is no longer about web single sign-on.
It is possible to create a central installation of Spring SAML which handles all SSO logic. Of course you will need to implement a mechanism in which Spring SAML relays information about the authenticated user and her attributes to your other applications, and do so in a secure way. One possible way to approach it (provided the applications are deployed on the same domain and therefore can share cookies) is to:
All of this can be done with implementations of standard interfaces of Spring Security and Spring SAML. But it's not a trivial task - mainly considering that any security vulnerability in your implementation might compromise security of your applications.
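As an added illustration of how Spring SAML can "populate entitlements (granted authorities)" from the IDP's assertion, the sketch below implements the extension's `SAMLUserDetailsService` interface. It is not code from the question, the answers or the sample application; the class name, the attribute name `groups` and the group and role values are assumptions made up for the example.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

// Added example: maps IDP-asserted group values to Spring Security authorities.
public class GroupMappingSamlUserDetailsService implements SAMLUserDetailsService {

    // Assumption: the IDP releases group membership in an attribute named "groups".
    private static final String GROUP_ATTRIBUTE = "groups";

    // Allow-list (constructed sample values): only these IDP values become roles.
    private static final Map<String, String> GROUP_TO_ROLE = new HashMap<String, String>();
    static {
        GROUP_TO_ROLE.put("app-users", "ROLE_USER");
        GROUP_TO_ROLE.put("app-admins", "ROLE_ADMIN");
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String userId = credential.getNameID().getValue();
        // Returns null when the assertion does not carry the attribute.
        String[] groups = credential.getAttributeAsStringArray(GROUP_ATTRIBUTE);

        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        if (groups != null) {
            for (String group : groups) {
                String role = GROUP_TO_ROLE.get(group);
                if (role != null) { // unknown IDP values never become authorities
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            }
        }
        if (authorities.isEmpty()) {
            // Fail closed: an IDP-authenticated user with no mapped group is rejected.
            throw new UsernameNotFoundException("No application role for " + userId);
        }
        // SAML users have no local password; User only requires a non-null value.
        return new User(userId, "", authorities);
    }
}
```

The bean is wired in through the `userDetails` property of `SAMLAuthenticationProvider`; the authorities it returns are then what Spring Security expressions such as `hasRole('ROLE_ADMIN')` evaluate when protecting the APIs called from the UI.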
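Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.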