Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring Boot and SAML 2.0

Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.

like image 758
vdenotaris Avatar asked Apr 18 '14 08:04

vdenotaris


People also ask

Does spring boot support SAML?

Spring SAML Extension allows seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate, Okta) can be used to connect with Spring SAML Extension.

Is SAML 2.0 Obsolete?

SAML 2.0 was introduced in 2005 and remains the current version of the standard. The previous version, 1.1, is now largely deprecated.


2 Answers

I implemented a sample project in order to show how to integrate Spring Security SAML Extension with Spring Boot.

The source code is published on GitHub:

  • spring-boot-saml-integration on GitHub
like image 136
vdenotaris Avatar answered Oct 15 '22 19:10

vdenotaris


I recently released a spring boot plugin for this here. It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:

@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
    }

    @Configuration
    public static class MvcConfig extends WebMvcConfigurerAdapter {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/").setViewName("index");
        }
    }

    @Configuration
    public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {
        @Override
        public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
            serviceProvider
                .metadataGenerator()
                .entityId("localhost-demo")
            .and()
                .sso()
                .defaultSuccessURL("/home")
                .idpSelectionPageURL("/idpselection")
            .and()
                .logout()
                .defaultTargetURL("/")
            .and()
                .metadataManager()
                .metadataLocations("classpath:/idp-ssocircle.xml")
                .refreshCheckInterval(0)
            .and()
                .extendedMetadata()
                .idpDiscoveryEnabled(true)
            .and()
                .keyManager()
                .privateKeyDERLocation("classpath:/localhost.key.der")
                .publicKeyPEMLocation("classpath:/localhost.cert");

        }
    }
}

That's basically all the code you need.

like image 30
Ulises Avatar answered Oct 15 '22 20:10

Ulises