Java and SAML - where to start?
Question
We have a custom REST web app (Java based) that uses username/password to login. Call this application 'Admin'. The users of Admin also use a couple of commercial cloud based applications, call these App1 and App2. What I've been asked to do is investigate how we can use single sign on between Admin, App1 and App2. App1 and App2 can be configured to use SAML and I have full access to the code of the Admin application. I've done some preliminary reading and understand the principles involved.
I want to prototype some code but I'm not sure where to start! For example how should I proceed with the identity provider? What interface should it implement, is there an abstract class that should be extended? Similarly for the service provider. Given that App1 and App2 can be configured to use SAML what changes/extensions are needed on the Admin app?
Many Thanks M
2 answers
solution1
0 2016-11-09 04:54:54
Disclaimer: I'm the creator of pac4j.
If you have Java apps and want to secure them using SAML, you should definitely take a look at pac4j which is a security engine available for many Java frameworks: J2E , Spring MVC / Boot , Play and so many more.
For SAML support: http://www.pac4j.org/1.9.x/docs/clients/saml.html
solution2
0 2016-12-14 15:35:33
Shibboleth provides both IdP and SP (implemented with OpenSAML v3) for you to test with:
- https://wiki.shibboleth.net/confluence/display/IDP30/Installation
- https://wiki.shibboleth.net/confluence/display/SHIB2/Installation
If you want to integrate SAML into your own application in Java, there are:
- OpenSAML v3: https://wiki.shibboleth.net/confluence/display/OS30/Home
- Spring Security SAML: http://projects.spring.io/spring-security-saml/
- Spring boot Security SAML: https://github.com/vdenotaris/spring-boot-security-saml-sample
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.