I have an application using Netty 4.x framework that functions as some kind of server. The authentication must be federated, so now I need to convert it to a SAML2.0 Service Provider.
I did some research, and my concern is that in order to use existing SAML2.0 solutions, i.e. OpenAM, PingFederate, the Service Provider has to be a web application running in some kind of web container, which is not the case in my project. Is this true?
I am very new to the Single-sign On and Federation world, I'd truly appreciate any information and tip offered.
SAML in general uses the browser to keep a common "session" between two sites.
This is done as follows:
The form posted to the SAML identity provider is automatically posted back, and the returned authentication is also an automatically posted form. A kind of cross-site scripting.
A SAML servlet filter could accept this result and put a UserPrincipal in the application request.
The configuration is not too difficult. You need your own unique key pair for your "server",
All-in-all it was rather time consuming. It helped to set up one's own Identity Provider too. Apache Shiro, a security solution outside the Java EE server world, did not have a SAML solution at the time I worked on SAML.
If you get a demo IdP and SP running, it should not be too difficult to short-cut everything. Maybe using Firefox with the TamperData add-on to inspect the communication.
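To make the answer's "accept this result" step concrete for a server that has no servlet container, here is an added example (written for this page, not code from the answerer or from Netty, OpenAM or PingFederate) of the checks an assertion consumer has to perform on the form that the browser auto-posts back from the IdP. The class name, the 60-second clock skew, the pinned IdP certificate and the set of pending request IDs are assumptions; it depends only on the JDK's DOM and XML Signature APIs, so it can be called from any framework.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Base64;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Assertion consumer for the SAML 2.0 HTTP-POST binding (hypothetical class, illustration only).
// consume() takes the raw "SAMLResponse" form field and returns the NameID, or throws SecurityException.
public final class SamlResponseConsumer {
    private static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    private static final long SKEW_SECONDS = 60; // assumed tolerance between IdP and SP clocks

    private final X509Certificate idpSigningCert; // pinned from the IdP's metadata at deploy time
    private final String spEntityId;              // must appear as an <Audience>
    private final String acsUrl;                  // must equal the Response's Destination
    private final Set<String> pendingRequestIds;  // IDs of AuthnRequests this SP issued and has not yet consumed

    public SamlResponseConsumer(X509Certificate idpSigningCert, String spEntityId, String acsUrl, Set<String> pendingRequestIds) {
        this.idpSigningCert = idpSigningCert; this.spEntityId = spEntityId;
        this.acsUrl = acsUrl; this.pendingRequestIds = pendingRequestIds;
    }

    public String consume(String samlResponseField, Instant now) throws Exception {
        // MIME decoder tolerates the line breaks some IdPs insert into the base64 form value
        Document doc = parseHardened(Base64.getMimeDecoder().decode(samlResponseField));
        Element response = doc.getDocumentElement();
        require(SAMLP.equals(response.getNamespaceURI()) && "Response".equals(response.getLocalName()), "root is not samlp:Response");
        require(acsUrl.equals(response.getAttribute("Destination")), "Destination is not this ACS URL");
        String inResponseTo = response.getAttribute("InResponseTo");
        require(pendingRequestIds.contains(inResponseTo), "unsolicited or already consumed InResponseTo");
        Element status = (Element) doc.getElementsByTagNameNS(SAMLP, "StatusCode").item(0);
        require(status != null && SUCCESS.equals(status.getAttribute("Value")), "IdP did not report Success");
        NodeList assertions = doc.getElementsByTagNameNS(SAML, "Assertion");
        require(assertions.getLength() == 1, "expected exactly one Assertion");
        Element assertion = (Element) assertions.item(0);
        verifyEnvelopedSignature(assertion); // who issued it, and did they sign this very element
        checkConditions(assertion, now);     // is it addressed to us, and is it valid right now
        pendingRequestIds.remove(inResponseTo); // consume the request ID only after every check passed
        return child(child(assertion, "Subject"), "NameID").getTextContent().trim();
    }

    // The one Signature must be a direct child of the Assertion, and its single Reference must cover the Assertion's ID.
    private void verifyEnvelopedSignature(Element assertion) throws Exception {
        NodeList sigs = assertion.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        require(sigs.getLength() == 1 && sigs.item(0).getParentNode() == assertion, "Assertion lacks an enveloped Signature");
        DOMValidateContext ctx = new DOMValidateContext(idpSigningCert.getPublicKey(), sigs.item(0));
        ctx.setIdAttributeNS(assertion, null, "ID"); // lets the Reference URI "#<ID>" resolve to this element
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        require(sig.getSignedInfo().getReferences().size() == 1, "expected exactly one Reference");
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        require(("#" + assertion.getAttribute("ID")).equals(ref.getURI()), "Reference does not point at this Assertion");
        require(sig.validate(ctx), "XML signature does not verify against the pinned IdP certificate");
    }

    private void checkConditions(Element assertion, Instant now) {
        Element conditions = child(assertion, "Conditions");
        String notBefore = conditions.getAttribute("NotBefore"), notOnOrAfter = conditions.getAttribute("NotOnOrAfter");
        require(notBefore.isEmpty() || !now.plusSeconds(SKEW_SECONDS).isBefore(Instant.parse(notBefore)),
                "assertion not yet valid");
        require(!notOnOrAfter.isEmpty() && now.minusSeconds(SKEW_SECONDS).isBefore(Instant.parse(notOnOrAfter)),
                "assertion expired or carries no NotOnOrAfter");
        NodeList audiences = conditions.getElementsByTagNameNS(SAML, "Audience");
        boolean forUs = false;
        for (int i = 0; i < audiences.getLength(); i++) forUs |= spEntityId.equals(audiences.item(i).getTextContent().trim());
        require(forUs, "no Audience names this SP");
    }

    // Hardened parser: no DTDs, no external entities, no XInclude, so the untrusted POST body cannot trigger XXE.
    private static Document parseHardened(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace-qualified lookups above
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
    }

    private static Element child(Element parent, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML.equals(n.getNamespaceURI()) && localName.equals(n.getLocalName())) return (Element) n;
        }
        throw new SecurityException("SAML response rejected: missing " + localName);
    }

    private static void require(boolean ok, String why) {
        if (!ok) throw new SecurityException("SAML response rejected: " + why);
    }
}
```

In a Netty 4.x pipeline this sits behind `HttpServerCodec` and `HttpObjectAggregator`: a `SimpleChannelInboundHandler<FullHttpRequest>` bound to the ACS path reads the `SAMLResponse` attribute with `HttpPostRequestDecoder`, calls `consume()`, and on success stores the NameID in a channel attribute or issues its own session cookie, which is the Netty equivalent of the servlet filter placing a UserPrincipal on the request. The example deliberately insists that the Assertion itself carries the signature and that the Reference names that Assertion, so a signed element wrapped around an unsigned one is rejected; an IdP that signs the Response instead needs the same check applied to the Response element. It omits `SubjectConfirmationData` (Recipient, NotOnOrAfter, InResponseTo), encrypted assertions and certificate rollover from metadata, which is the point at which a library such as OpenSAML earns its keep.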