如何为Spring Boot应用程序实现SAML?
[英]How do I implement SAML for my Spring Boot application?
问题描述
I have an internal application hosted on AWS with https. 
我有一个内部应用程序,它通过https托管在AWS上。 I need help understanding how to implement SAML authentication to my web application. 我需要帮助,以了解如何对我的Web应用程序实施SAML身份验证。 I am using Spring Boot for my backend and AngularJS for my front end. 我的后端使用Spring Boot,前端使用AngularJS。 I am using ADFS as my IP. 我正在使用ADFS作为我的IP。 From what I gather, the following are the steps. 根据我的收集,以下是步骤。
- Get a https URL for your application 获取您的应用程序的https URL
- Create a basic ADFS trust. 创建基本的ADFS信任。
- Add the roles on ADFS 在ADFS上添加角色
- Get a metadata URL and enter it in your application.properties. 获取元数据URL并将其输入到application.properties中。
I am trying to implement SAML for the first time and have confused myself completely. 我正在尝试第一次实施SAML,并完全感到困惑。 Any thoughts shared would be greatly appreciated. 任何想法共享将不胜感激。
1 个解决方案
解决方案1
0 2017-10-10 13:49:42
Your Spring Boot application needs to be a Service Provider (SP) that trusts your ADFS Identity Provider (IdP) and you ADFS IdP needs to trust your SP. 您的Spring Boot应用程序必须是信任您的ADFS身份提供程序(IdP)的服务提供商(SP),而ADFS IdP需要信任您的SP。 This trust is usually done using the SAML2 metadata profile, ie the SP and IdP SAML2 metadata files. 通常使用SAML2元数据配置文件(即SP和IdP SAML2元数据文件)来完成此信任。
You can either design your application as a 'standalone', ie no SAML ability and put something in front of it that understand SAML and blocks all requests until the IdP sends attributes. 您可以将应用程序设计为“独立”应用程序,即没有SAML功能,并在其前面放置一些可以理解SAML并阻止所有请求的操作,直到IdP发送属性为止。 This is how the standard Shibboleth SP works but it needs Apache. 这就是标准Shibboleth SP的工作方式,但它需要Apache。 The other option is to use the framework to plumb in the SAML capability such as Spring Security SAML 另一个选择是使用框架来探查SAML功能,例如Spring Security SAML。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.