Spring Boot and SAML 2.0

Question

Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.

Answer 1

I implemented a sample project in order to show how to integrate Spring Security SAML Extension with Spring Boot .

The source code is published on GitHub:

• spring-boot-saml-integration on GitHub

Answer 2

I recently released a spring boot plugin for this here . It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:

@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
    }

    @Configuration
    public static class MvcConfig extends WebMvcConfigurerAdapter {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/").setViewName("index");
        }
    }

    @Configuration
    public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {
        @Override
        public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
            serviceProvider
                .metadataGenerator()
                .entityId("localhost-demo")
            .and()
                .sso()
                .defaultSuccessURL("/home")
                .idpSelectionPageURL("/idpselection")
            .and()
                .logout()
                .defaultTargetURL("/")
            .and()
                .metadataManager()
                .metadataLocations("classpath:/idp-ssocircle.xml")
                .refreshCheckInterval(0)
            .and()
                .extendedMetadata()
                .idpDiscoveryEnabled(true)
            .and()
                .keyManager()
                .privateKeyDERLocation("classpath:/localhost.key.der")
                .publicKeyPEMLocation("classpath:/localhost.cert");

        }
    }
}

That's basically all the code you need.

Answer 3

You'd have to do all the SAML stuff in XML (surprise, surprise). But the rest shouldn't get in the way, just standard Springy, Booty stuff, eg

@EnableAutoConfiguration
@Configuration
@ImportResource("my-crazy-ass-saml.xml")
public class Application implements WebMvcSecurityAdapter {

    // set up security filter chain here

}

Answer 4

I tried @vdenotaris' solution, but does not seem to work with current spring-boot, and thus given up that approach.

So as an alternate solution I used shibboleth to do all the SAML stuff using the mod_shib2 module in apache httpd, and run tomcat using mod_jk (mod_proxy_ajp could also be used) behind the said apache instance. Tomcat receives all the required SAML attributes as request attributes, and I only have to store the idp and the user id in the regular user table to connect the internal authentication to the external (I need both SAML and password-based authentication).

Answer 5

我建议查看Spring SAML扩展

Answer 6

Spring Boot 3 and Spring Security 6 make it awesomely easy! See this answer for my advice.