
ADFS/SAML authentication for Java desktop app

I have a Java desktop app. I found a lot of online resources that talk about SSO authentication for web apps. I need the same thing for an old school desktop app. Basically, I need the app to open a browser window, have the user authenticate against ADFS and then get a token back.

How can I add SSO authentication with ADFS/SAML?

I found the answer.

  1. First, the desktop app needs to show a browser window. This can easily be achieved using JavaFX WebView. I have successfully tested Google and ADFS login using JavaFX WebView. NB: If you use ADFS you must set up ADFS to use Form-based auth.
  2. A helper webservice needs to be built. The webservice will provide a method secured by any federated authentication mechanism (SAML2, OAuth, etc). I haven't been able to do this in Java. There are some solutions like JOSSO but they're ridiculously cumbersome or severely lacking. However, C# has outstanding support for federated auth which makes it an excellent choice for this task.
  3. When the user needs to authenticate, the desktop app shows the browser window which automatically calls the method above. After the federated auth handshake, the browser will be able to access the method. This method tells the desktop app whether the calling user is allowed access.
  4. The final step is to close the browser window and log in the user.

NB: This is not an easy task. It takes about a week's worth of work to put everything together.
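As an added example of steps 1, 3 and 4 above (this is not code from the original answer), the block below opens a JavaFX WebView, lets the federated handshake run through its redirects, and only accepts a token once the browser lands on the helper service's own callback URL. The class name `EmbeddedLoginDemo`, the host `helper.example.com`, the paths in `LOGIN_URL` and `CALLBACK_URI`, and the `token` query parameter are all assumptions made for the example; a real helper service would define its own endpoint and result format.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;

import javafx.application.Application;
import javafx.application.Platform;
import javafx.scene.Scene;
import javafx.scene.web.WebEngine;
import javafx.scene.web.WebView;
import javafx.stage.Stage;

// Added example (not code from the original post): a JavaFX WebView login window that
// waits for the helper service to redirect to a known callback URL, checks that the URL
// really belongs to that service, extracts the token and closes the window.
public class EmbeddedLoginDemo extends Application {

    // Assumed URLs. LOGIN_URL is the helper web service's protected method, which starts the
    // federated (ADFS/SAML) handshake; CALLBACK_URI is where the service sends the browser
    // once the user has authenticated, with the result in a "token" query parameter.
    private static final String LOGIN_URL = "https://helper.example.com/auth/start";
    private static final URI CALLBACK_URI = URI.create("https://helper.example.com/auth/callback");

    /**
     * Returns the value of the "token" query parameter if {@code location} is exactly the
     * expected callback (same scheme, host, port and path); otherwise returns empty.
     */
    static Optional<String> extractToken(String location) {
        if (location == null) {
            return Optional.empty();
        }
        URI uri;
        try {
            uri = URI.create(location);
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
        // Only the helper service's own callback is trusted. Matching the full origin and path
        // stops any other page the browser lands on from handing the app a "token" of its choosing.
        boolean expectedOrigin = "https".equalsIgnoreCase(uri.getScheme())
                && CALLBACK_URI.getHost().equalsIgnoreCase(uri.getHost())
                && uri.getPort() == CALLBACK_URI.getPort()
                && CALLBACK_URI.getPath().equals(uri.getPath());
        if (!expectedOrigin || uri.getRawQuery() == null) {
            return Optional.empty();
        }
        for (String pair : uri.getRawQuery().split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && "token".equals(pair.substring(0, eq))) {
                return Optional.of(URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
            }
        }
        return Optional.empty();
    }

    /** Shows the login window; the future completes with the token, or fails if the window is closed first. */
    static CompletableFuture<String> login(Stage stage) {
        CompletableFuture<String> result = new CompletableFuture<>();
        WebView view = new WebView();
        WebEngine engine = view.getEngine();

        // locationProperty changes on every navigation, so each redirect of the SAML/WS-Fed
        // handshake passes through here; only the final callback URL yields a token.
        engine.locationProperty().addListener((obs, oldLoc, newLoc) ->
                extractToken(newLoc).ifPresent(token -> {
                    result.complete(token);
                    stage.close();
                }));

        // If the window goes away before a token arrived, report failure instead of hanging.
        stage.setOnHidden(e -> result.completeExceptionally(
                new IllegalStateException("login window closed before authentication completed")));

        stage.setTitle("Sign in");
        stage.setScene(new Scene(view, 800, 600));
        stage.show();
        engine.load(LOGIN_URL);
        return result;
    }

    @Override
    public void start(Stage primaryStage) {
        login(primaryStage).whenComplete((token, err) -> {
            if (err != null) {
                System.err.println("Login failed: " + err.getMessage());
            } else {
                // Hand the token to the rest of the app here. Keep it out of logs; only its
                // presence is reported.
                System.out.println("Authenticated; received a token of " + token.length() + " characters");
            }
            Platform.exit();
        });
    }

    public static void main(String[] args) {
        launch(args);
    }
}
```

This needs the `javafx.web` module on the module path (or the JavaFX SDK on the classpath). The desktop app should treat the returned value as a bearer credential to present back to the helper service over TLS on later calls, not as proof of identity in itself: validating the SAML assertion and deciding who is allowed access stays on the server side of step 2, where the federated library runs.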

Desktop apps don't have browsers.

WS-Fed and SAML are built around browser redirects.

Why do you need SAML? What about OpenID Connect / OAuth?

If that's an option have a look at the ADAL Java samples - Azure Active Directory Authentication Libraries. There is limited OAuth support in ADFS V3.0.

Your other alternative is to use the active profile (web services) rather than the passive (browser).

But that's WS-Trust not SAML.
