How to implement SSO in Java with SAML?

My application uses cuba.platform as framework and I want to implement a LoginProvider. Here is some documentation about this:

https://doc.cuba-platform.com/manual-6.8/web_login.html?_ga=2.22865267.938183531.1520173474-888291717.1510758296

Is there a simple way to implement this "LoginProvider" of the documentation above to support SAML?

I tried to find some open source frameworks, but it was hard to find good tutorials or good documentation about this topic.

So, how can I implement this LoginProvider?

SAML2 is a fairly simple flow and LoginProvider would have to handle it looking at the diagram. From the page:

login() - authenticates a user, starts a session and changes the state of the connection

so by the time login() is invoked you should be in possession of the SAML attributes for the user. Instead of the standard username/password flow for LoginProvider (by what that page says), you would need to do:

  • find out which IdP the user is associated with, i.e. get the entityID of the IdP
  • load the SSO endpoint for the entityID from its SAML metadata
  • redirect the browser to the SSO endpoint with a SAMLRequest
  • receive the redirected browser at your LoginProvider to get the SAMLResponse
  • parse the SAML attributes from the SAMLResponse
  • login()
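
The redirect step from the list above, sketched as an added example (not code from the answer or from the CUBA platform): it builds an unsigned AuthnRequest and encodes it for the SAML HTTP-Redirect binding. The class name, the example.com URLs, and the choice of the HTTP-Redirect binding are assumptions; the SSO endpoint is taken as already loaded from the IdP metadata.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
import java.util.UUID;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;

public class SamlRedirectExample {  // hypothetical class name
    // Inputs are assumed to come from trusted SP/IdP configuration, so they are not XML-escaped.
    static String authnRequestXml(String id, String spEntityId, String acsUrl, String ssoUrl) {
        return "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
             + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Version=\"2.0\""
             + " ID=\"" + id + "\" IssueInstant=\"" + Instant.now().truncatedTo(ChronoUnit.SECONDS) + "\""
             + " Destination=\"" + ssoUrl + "\" AssertionConsumerServiceURL=\"" + acsUrl + "\">"
             + "<saml:Issuer>" + spEntityId + "</saml:Issuer></samlp:AuthnRequest>";
    }

    // HTTP-Redirect binding: raw DEFLATE (no zlib header), then Base64, then URL-encoding.
    static String encodeForRedirect(String xml) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // true = no zlib wrapper
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, raw)) {
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        raw.end();
        String b64 = Base64.getEncoder().encodeToString(buf.toByteArray());
        return URLEncoder.encode(b64, StandardCharsets.UTF_8);
    }

    static String redirectUrl(String ssoUrl, String samlRequest, String relayState) {
        String sep = ssoUrl.contains("?") ? "&" : "?";
        return ssoUrl + sep + "SAMLRequest=" + samlRequest
             + "&RelayState=" + URLEncoder.encode(relayState, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String ssoUrl = "https://idp.example.com/sso";       // constructed sample value
        String spEntityId = "https://sp.example.com/metadata"; // constructed sample value
        String acsUrl = "https://sp.example.com/saml/acs";     // constructed sample value
        String id = "_" + UUID.randomUUID();                   // an xs:ID must not start with a digit
        String xml = authnRequestXml(id, spEntityId, acsUrl, ssoUrl);
        String url = redirectUrl(ssoUrl, encodeForRedirect(xml), UUID.randomUUID().toString());
        System.out.println("Keep in the HTTP session for the InResponseTo check: " + id);
        System.out.println(url);
    }
}
```

The request ID is kept so that the SAMLResponse received in the next step can be matched through its InResponseTo attribute. The response signature also has to be validated against the IdP certificate from the metadata before any attribute is passed to login().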
