简体繁体 English

SAML SSO客户端，测试模拟器SAML Provider / Server

[英]SAML SSO client, Test simulator SAML Provider/Server

原文 2010-11-27 12:21:30 3 3 java/ single-sign-on/ saml

SAML, SSO is a new learning in my project. SAML，SSO是我项目中的一个新学习。 I don't have enough time to experiment to find the correct tools/APIs. 我没有足够的时间来试验找到正确的工具/ API。 Requesting you to help. 请求你帮忙。

I need to implement SAML Client (on Java) which must be able to send SAML assertions and receive SAML response from SAML provider/server. 我需要实现SAML Client（在Java上），它必须能够发送SAML断言并从SAML提供者/服务器接收SAML响应。 Which Java API should I use to write SAML client in Java? 我应该使用哪种Java API在Java中编写SAML客户端？

And our customer already has SAML responder/server which receives the SAML request and sends the SAML response with the user profiles and other information. 我们的客户已经拥有SAML响应者/服务器，它接收SAML请求并发送带有用户配置文件和其他信息的SAML响应。 But we need to write test simulator SAML responder/server. 但我们需要编写测试模拟器SAML响应器/服务器。 I have used Apache & Tomcat servers. 我使用过Apache和Tomcat服务器。 Which server/APIs should I use to implement this test simulator SAML responder/server? 我应该使用哪些服务器/ API来实现此测试模拟器SAML响应器/服务器？

3 个解决方案

We use OpenSAML, which is quite flexible and not that hard to learn/use. 我们使用OpenSAML，它非常灵活，而且难以学习/使用。 I've used it to write service providers (including some client-customized versions), handle both solicited and unsolicited SAMLResponse XML, send AuthnRequests to an identity provider, call an IdP AttributeQuery service, and simulate identity provider SAMLResponse XML (for testing). 我用它来编写服务提供者（包括一些客户端定制版本），处理请求和未经请求的SAMLResponse XML，将AuthnRequests发送到身份提供者，调用IdP AttributeQuery服务，以及模拟身份提供者SAMLResponse XML（用于测试）。

I think from your description that you'll be writing the identity provider part? 我想从你的描述中你会写出身份提供者部分吗？ If you're just doing simple unsolicited SAMLResponse XML, OpenSAML is probably overkill for you. 如果你只是在做简单的未经请求的SAMLResponse XML，那么OpenSAML可能对你来说太过分了。 If your XML messages are mostly the same, with just a few content elements changing from request to request, then you can just use a simple string template and fill in the few changing elements, no special SAML libraries necessary. 如果您的XML消息大致相同，只有少数内容元素从请求变为请求，那么您可以使用简单的字符串模板并填写少数更改元素，无需特殊的SAML库。

One thing you say does confuse me: 你说的一件事让我很困惑：

our customer already has SAML responder/Server which receives the SAML request and sends the SAML response with the user profiles 我们的客户已经有SAML响应者/服务器，它接收SAML请求并发送带有用户配置文件的SAML响应

If they are the service provider and this is SAML SSO, then they receive SAMLResponse XML through a browser request, and respond by displaying content in the user's browser. 如果他们是服务提供商并且这是SAML SSO，那么他们通过浏览器请求接收SAMLResponse XML，并通过在用户的浏览器中显示内容来做出响应。 They do not send you a response with user profiles. 他们不会向您发送包含用户个人资料的回复。 You may not have time to experiment, but I would encourage you to spend a little time reading the SAML documents - even just reading SAMLOverview should give you a little more grounding. 您可能没有时间进行实验，但我鼓励您花一点时间阅读SAML文档 - 即使只是阅读SAMLOverview也应该给您更多的基础。

I am using Open SAML on client side and simple HTTP request/response on the server side because i dont have so many SAML request types. 我在客户端使用Open SAML，在服务器端使用简单的HTTP请求/响应，因为我没有这么多SAML请求类型。 So better not to use such complex web service and SAML APIs on server side. 因此最好不要在服务器端使用这种复杂的Web服务和SAML API。

OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). OpenSAML是一组开源C ++和Java库，旨在支持使用安全断言标记语言（SAML）的开发人员。 See openSAML API 请参阅openSAML API