How to configure a Java app to act as an Identity Provider

I have a very simple Java web app where I can manage user registration and authentication. I want this application to act as a SAML identity provider. Then I'm going to create another simple web app, which would require the user to be authenticated before he can use it. So basically I want my first app to be the IdP and my second app to be the service provider. The workflow should be like this: the user goes to app2. App2 redirects the user to app1, where the user gets authenticated. If authentication is successful, app1 redirects the user to app2, where he has full access. I am relatively new to SAML. Is there any tutorial that would help me to do it painlessly?

user1745356 asked Dec 11 '13 14:12




2 Answers

Have a look at Shibboleth, which is a ready-to-use implementation of a SAML Identity Provider. The fact that you already have an application which you want to act as the Identity Provider offers you two options:

  1. Configure Shibboleth to use your user data model as an authentication source (not sure if this is possible)
  2. Use the Java library OpenSAML-Java, which is used to implement Shibboleth. This only provides handling (creation, validation, exchange) of SAML assertions around the Web SSO profile of SAML 2.0. You have to create the process of web request redirection on your own in App2 and App1.

SAML isn't very painless; furthermore, it's a comprehensive standard which acted as an example for other, simpler standards like OpenID or OAuth (they have some principles in common, but are much simpler for sure). It's pretty much the same story as it was with CORBA vs. Java RMI.

Here is a good starting point to gain some basic understanding of what is done when using the SAML Web Browser SSO Profile:

  • https://developers.google.com/google-apps/sso/saml_reference_implementation
Jürgen Zornig answered Oct 20 '22 00:10
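The Web Browser SSO profile the answer points to, traced end to end as an added example (this is not code from the answer, nor from Shibboleth or OpenSAML): app2 as the service provider builds an AuthnRequest, app1 as the identity provider authenticates against its own user store and returns a Response carrying an Assertion, and app2 validates that assertion before granting access. The entity IDs, endpoint URLs, key and users are hypothetical and constructed; the signature is an HMAC stand-in for XML-DSig so the block runs with the standard library alone; and there is no HTTP layer, so the byte string and dict passed between the two classes are what the browser would carry in the redirect to app1 and the POST form back to app2.

```python
import base64, calendar, hashlib, hmac, secrets, time, uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Hypothetical entity IDs and endpoints for app1 (IdP) and app2 (SP); in a real
# deployment each side learns these from the other's SAML metadata.
IDP_ENTITY_ID, IDP_SSO_URL = "https://app1.example/idp", "https://app1.example/saml/sso"
SP_ENTITY_ID, SP_ACS_URL = "https://app2.example/sp", "https://app2.example/saml/acs"
# Simplification (assumption): an HMAC key stands in for XML-DSig. Real SAML signs
# with the IdP's RSA key and the SP verifies with the certificate from IdP metadata.
IDP_SIGNING_KEY = b"example-idp-signing-key"


def _iso(ts): return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))
def _parse_iso(s): return calendar.timegm(time.strptime(s, "%Y-%m-%dT%H:%M:%SZ"))
def q(ns, tag): return "{%s}%s" % (ns, tag)


def make_user(password, salt=None):
    """Salted PBKDF2 record for app1's user store (sample users are constructed)."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IdentityProvider:
    """App1: authenticates against its own user store and issues signed responses."""

    def __init__(self, users, key=IDP_SIGNING_KEY):
        self.users, self.key = users, key

    def handle_authn_request(self, request_xml, username, password, now=None):
        now = time.time() if now is None else now
        req = ET.fromstring(request_xml)
        # Only honour requests from a registered SP, aimed at this endpoint, that
        # ask for delivery to that SP's registered ACS URL.
        if (req.tag != q(SAMLP, "AuthnRequest") or not req.get("ID")
                or req.findtext(q(SAML, "Issuer")) != SP_ENTITY_ID
                or req.get("Destination") != IDP_SSO_URL
                or req.get("AssertionConsumerServiceURL") != SP_ACS_URL):
            raise ValueError("AuthnRequest rejected")
        rec = self.users.get(username)
        if rec is None:
            return None  # app1 would re-render its login page
        salt, stored = rec
        if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)):
            return None
        xml_bytes = self._build_response(req.get("ID"), username, now)
        # The HTTP-POST binding puts these two fields in a self-submitting form to SP_ACS_URL.
        return {"SAMLResponse": base64.b64encode(xml_bytes).decode(),
                "Signature": hmac.new(self.key, xml_bytes, hashlib.sha256).hexdigest()}

    def _build_response(self, in_response_to, username, now):
        resp = ET.Element(q(SAMLP, "Response"), {
            "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _iso(now),
            "Destination": SP_ACS_URL, "InResponseTo": in_response_to})
        ET.SubElement(resp, q(SAML, "Issuer")).text = IDP_ENTITY_ID
        ET.SubElement(ET.SubElement(resp, q(SAMLP, "Status")), q(SAMLP, "StatusCode"), {"Value": SUCCESS})
        a = ET.SubElement(resp, q(SAML, "Assertion"),
                          {"ID": "_" + uuid.uuid4().hex, "Version": "2.0", "IssueInstant": _iso(now)})
        ET.SubElement(a, q(SAML, "Issuer")).text = IDP_ENTITY_ID
        ET.SubElement(ET.SubElement(a, q(SAML, "Subject")), q(SAML, "NameID")).text = username
        cond = ET.SubElement(a, q(SAML, "Conditions"),
                             {"NotBefore": _iso(now - 60), "NotOnOrAfter": _iso(now + 300)})
        ET.SubElement(ET.SubElement(cond, q(SAML, "AudienceRestriction")), q(SAML, "Audience")).text = SP_ENTITY_ID
        return ET.tostring(resp)


class ServiceProvider:
    """App2: starts the flow, then validates the response before trusting it."""

    def __init__(self, idp_key=IDP_SIGNING_KEY):
        self.idp_key = idp_key
        self.pending = {}             # AuthnRequest ID -> issue time, matched via InResponseTo
        self.seen_assertions = set()  # replay cache; prune entries past NotOnOrAfter in practice

    def build_authn_request(self, now=None):
        now = time.time() if now is None else now
        req_id = "_" + uuid.uuid4().hex
        req = ET.Element(q(SAMLP, "AuthnRequest"), {
            "ID": req_id, "Version": "2.0", "IssueInstant": _iso(now),
            "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL,
            "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"})
        ET.SubElement(req, q(SAML, "Issuer")).text = SP_ENTITY_ID
        self.pending[req_id] = now
        return req_id, ET.tostring(req)  # app2 redirects the browser to IDP_SSO_URL carrying this

    def consume_response(self, form, now=None):
        """Return the authenticated NameID or raise ValueError; each check below is one an SP must do."""
        now = time.time() if now is None else now
        raw = base64.b64decode(form["SAMLResponse"])
        expected = hmac.new(self.idp_key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, form.get("Signature", "")):
            raise ValueError("signature does not verify")
        resp = ET.fromstring(raw)
        if resp.findtext(q(SAML, "Issuer")) != IDP_ENTITY_ID:
            raise ValueError("issuer is not our IdP")
        if resp.get("Destination") != SP_ACS_URL:
            raise ValueError("response not addressed to our ACS")
        code = resp.find(q(SAMLP, "Status") + "/" + q(SAMLP, "StatusCode"))
        if code is None or code.get("Value") != SUCCESS:
            raise ValueError("IdP did not report success")
        if self.pending.pop(resp.get("InResponseTo"), None) is None:
            raise ValueError("unsolicited response, or InResponseTo already consumed")
        a = resp.find(q(SAML, "Assertion"))
        if a is None or a.get("ID") in self.seen_assertions:
            raise ValueError("missing or replayed assertion")
        cond = a.find(q(SAML, "Conditions"))
        if cond is None or not (_parse_iso(cond.get("NotBefore")) <= now < _parse_iso(cond.get("NotOnOrAfter"))):
            raise ValueError("assertion outside its validity window")
        if cond.findtext(q(SAML, "AudienceRestriction") + "/" + q(SAML, "Audience")) != SP_ENTITY_ID:
            raise ValueError("assertion not intended for this SP")
        self.seen_assertions.add(a.get("ID"))
        return a.findtext(q(SAML, "Subject") + "/" + q(SAML, "NameID"))


if __name__ == "__main__":
    idp = IdentityProvider({"alice": make_user("correct horse battery")})  # constructed user
    sp = ServiceProvider()
    _, authn_request = sp.build_authn_request()                                  # app2 -> app1
    form = idp.handle_authn_request(authn_request, "alice", "correct horse battery")  # login at app1
    print("app2 accepted user:", sp.consume_response(form))                      # app1 -> app2
```

The part worth studying is `consume_response`: the signature, Issuer, Destination, InResponseTo, Audience, validity-window and assertion-ID checks are exactly the work the OpenSAML route leaves to you, and each one corresponds to a well-known class of service-provider mistake (accepting unsigned or foreign assertions, unsolicited responses, expired or replayed assertions, or assertions minted for a different SP). Python is used here only because the exchange itself is language-neutral; the same sequence of checks applies to a Java implementation.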


There are two parts to your question.

You want:

  • Java SAML server (STS)
  • Java SAML client

Writing an STS is a non-trivial issue. You may be better off using an existing implementation. OpenAM is another possibility. It supports a number of options for identity repositories.

In terms of the client, refer to SAML : SAML connectivity / toolkit.

rbrayb answered Oct 20 '22 00:10