Service provider implementation with SAML 2 and Java

After going through so many Google sites and reading so many Q&As on Stack Overflow, I am really getting confused about how to implement an SP using SAML 2 with Java.

I understand the theoretical concept but am not getting a clue how to implement it exactly.

Currently, my client has already shared the IDP metadata file with me and is asking for the SP metadata file. This is my first struggling point.

  1. How do I actually generate metadata files? Is there a tool to generate them?
  2. How do I implement SAMLRequest generation and SAMLResponse parsing using Java libraries?
  3. People recommend so many publicly available sites which support IDP and SP functionality, but I have not been able to choose the right one to proceed. I need some specific example of a Service Provider implementation in Java with SAML 2.

I would really appreciate it if somebody could help me in this context. Please correct me if my questions are not clear so that I can try to edit them.

If you need to build an SP in Java I would recommend using the Spring SAML module or the OpenSAML library, but these may give you more work. If you end up using OpenSAML I have a book, A Guide to OpenSAML, introducing SAML and the OpenSAML library.

I also have a blog with many examples.

I would however recommend that you first look into using a ready product for SAML like Shibboleth, which is a free and open source solution for SAML. This will save you from needing to learn the specifics of the SAML protocol, and it will also be much safer, as different security considerations have already been made by the developers.

@Stefan has some good suggestions.

What you need is a SAML protocol client-side stack. Refer to: SAML: SAML connectivity / toolkit and the links inside the article.

In terms of your questions, different stacks do this in different ways. Some of the commercial stacks that I have used have excellent documentation and sample code to do all this.
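For the first question (what an SP metadata file contains), here is an added example that is not part of either answer and not code from any of the libraries they name: it builds a minimal SAML 2.0 `EntityDescriptor` for an SP using only JDK XML classes. The entity ID and ACS URL are placeholder assumptions, and the `KeyDescriptor` carrying the SP certificate is left out, so add one if the IdP expects signed requests or encrypts assertions.

```java
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SpMetadata {
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";

    // entityId and acsUrl are placeholders; use the values agreed with the IdP.
    static String build(String entityId, String acsUrl) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();

        Element ed = doc.createElementNS(MD, "md:EntityDescriptor");
        ed.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:md", MD);
        ed.setAttribute("entityID", entityId);
        doc.appendChild(ed);

        Element sp = doc.createElementNS(MD, "md:SPSSODescriptor");
        sp.setAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");
        // Tell the IdP that this SP only accepts signed assertions.
        sp.setAttribute("WantAssertionsSigned", "true");
        ed.appendChild(sp);

        // Endpoint where the IdP posts the SAMLResponse (HTTP-POST binding).
        Element acs = doc.createElementNS(MD, "md:AssertionConsumerService");
        acs.setAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        acs.setAttribute("Location", acsUrl);
        acs.setAttribute("index", "0");
        sp.appendChild(acs);

        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(build("https://sp.example.com/saml/metadata",
                "https://sp.example.com/saml/acs"));
    }
}
```

Declaring `WantAssertionsSigned="true"` in metadata only states the requirement to the IdP; the SP still has to verify the signature on every assertion it receives, which is the part the first answer suggests leaving to an existing product or library.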
