Service provider implementation with SAML 2 and Java

Question

After going through so many google sites, reading so many QA in stackoverflow, really getting confused how to implement SP using SAML 2 with Java.

I understand the theory concept but not getting a clue how to implement it exactly.

Currently, my client already shared IDP metadata file with me and asking for SP metadata file. This is my first struggling point.

1. How to generate metadata files actually? Is there a tool to generate it?
2. How to implement SAMLRequest generation, SAMLResponse parsing using Java libraries.
3. People recommending so many publicly available sites which supports IDP, SP functionalities but could not be able to choose the right one to proceed. I need some specific example of Service Provider implementation in Java with SAML 2.

Really appreciate if somebody help me in this context. Please correct me if my questions are not clear so that i will try to edit it.

Answer 1

If you need to build a SP in Java I would recommend using Spring SAML module or the OpenSAML library , but these may give you more work. If you end up using OpenSAML I have a book, A Guide to OpenSAML , introducing the SAML and the OpenSAML library.

I also have a blogg with many examples .

I would however recommend that you first look into using a ready product for SAML like Shibboleth which is a free and open source solution for SAML. This will save you from needing to learn the specifics of the SAML protocol and also it will be much safer as different security considerations have already been made by the developers.

Answer 2

@Stefan has some good suggestions.

What you need is a SAML protocol client side stack. Refer : SAML : SAML connectivity / toolkit and the links inside the article.

In terms of your questions, different stack do this in different ways. Some of the commercial stacks that I have used have excellent documentation and sample code to do all this.