Spring Boot and SAML 2.0

Anonymous (unverified), submitted 2019-12-03 02:05:01

Question:

Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.

Answer 1:

I implemented a sample project in order to show how to integrate Spring Security SAML Extension with Spring Boot.

The source code is published on GitHub:



Answer 2:

I recently released a spring boot plugin for this here. It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
// the annotation, adapter and builder below come from the spring-boot-security-saml plugin
import com.github.ulisesbocchio.spring.boot.security.saml.annotation.EnableSAMLSSO;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderConfigurerAdapter;
import com.github.ulisesbocchio.spring.boot.security.saml.configurer.ServiceProviderSecurityBuilder;

@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
    }

    @Configuration
    public static class MvcConfig extends WebMvcConfigurerAdapter {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/").setViewName("index");
        }
    }

    @Configuration
    public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {

        @Override
        public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
            serviceProvider
                .metadataGenerator()
                    .entityId("localhost-demo")                  // entityID published in the SP metadata
                .and()
                .sso()
                    .defaultSuccessURL("/home")
                    .idpSelectionPageURL("/idpselection")
                .and()
                .logout()
                    .defaultTargetURL("/")
                .and()
                .metadataManager()
                    .metadataLocations("classpath:/idp-ssocircle.xml") // IdP metadata shipped with the app
                    .refreshCheckInterval(0)
                .and()
                .extendedMetadata()
                    .idpDiscoveryEnabled(true)
                .and()
                .keyManager()
                    .privateKeyDERLocation("classpath:/localhost.key.der") // SP signing/decryption key
                    .publicKeyPEMLocation("classpath:/localhost.cert");
        }
    }
}

That's basically all the code you need.



Answer 3:

You'd have to do all the SAML stuff in XML (surprise, surprise). But the rest shouldn't get in the way, just standard Springy, Booty stuff, e.g.

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableAutoConfiguration
@Configuration
@ImportResource("my-crazy-ass-saml.xml")   // all the SAML beans are declared in this XML
public class Application extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // set up security filter chain here
    }
}


Answer 4:

I tried @vdenotaris' solution, but it does not seem to work with current spring-boot, and thus I gave up that approach.

So as an alternate solution I used shibboleth to do all the SAML stuff, using the mod_shib2 module in apache httpd, and ran tomcat using mod_jk (mod_proxy_ajp could also be used) behind that apache instance. Tomcat receives all the required SAML attributes as request attributes, and I only have to store the idp and the user id in the regular user table to connect the internal authentication to the external (I need both SAML and password-based authentication).
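The attribute hand-off this answer describes, as an added example (not code from the answer's author): a servlet filter that reads the Shibboleth SP attributes from the request attributes the AJP connector populates and turns the (idp, user id) pair into a principal the application can look up in its own user table. The attribute names `Shib-Identity-Provider` and `eppn` are Shibboleth's defaults and are assumed here; the user-id attribute actually exported depends on the SP's attribute-map.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Maps the attributes mod_shib2 exports (delivered to Tomcat as AJP request
 * attributes) to an application-level principal. Added example; attribute
 * names are assumed Shibboleth defaults, not taken from the answer.
 */
public class ShibbolethAttributeFilter implements Filter {

    // Assumed attribute names (see attribute-map.xml in the Shibboleth SP).
    static final String IDP_ATTR = "Shib-Identity-Provider";
    static final String USER_ATTR = "eppn";
    // Request attribute under which the resolved principal is handed downstream.
    static final String PRINCIPAL_KEY = "app.externalPrincipal";

    /** The pair the application stores in its user table to link external and internal accounts. */
    public static final class ExternalPrincipal {
        public final String idp;
        public final String userId;

        ExternalPrincipal(String idp, String userId) {
            this.idp = idp;
            this.userId = userId;
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Read request *attributes*, never HTTP headers: a browser can send a header
        // named "eppn", but only the AJP connector can set a request attribute.
        String idp = nonBlank(request.getAttribute(IDP_ATTR));
        String userId = nonBlank(request.getAttribute(USER_ATTR));

        if (idp != null && userId != null) {
            request.setAttribute(PRINCIPAL_KEY, new ExternalPrincipal(idp, userId));
        }
        // No Shibboleth session: fall through so password-based login can handle it.
        chain.doFilter(req, res);
    }

    /** Normalises an attribute value; empty or missing values count as absent. */
    static String nonBlank(Object value) {
        if (value == null) {
            return null;
        }
        String s = value.toString().trim();
        return s.isEmpty() ? null : s;
    }
}
```

Two deployment checks make this safe: the AJP port on Tomcat should be reachable only from the httpd instance running mod_shib2, and recent Tomcat versions only pass AJP request attributes whose names match the connector's `allowedRequestAttributesPattern`, so that pattern has to admit the Shibboleth attribute names or the filter will see nothing.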



Answer 5:

I would recommend checking out the Spring SAML extension.


