I'd like to write a web application which does the authentication using SAML 2.0 tokens, issued by an identity provider. I understand, according to this question, that there is a viable solution in the PHP world using simpleSAMLphp.
Is there an equivalent method in the Java world? Are there out of the box solutions and/or tutorials for common servlet containers or application servers?
You can try the OpenSAML project; it provides a Java library for creating and validating SAML tokens.
You could take a look at 2 products:
- JOSSO: http://www.josso.org
- OpenAM, which is a fork of Sun's OpenSSO since Oracle decided to kill it: http://forgerock.com/openam.html
Both have a rather impressive features list and offer a wide list of SSO agents.
The main benefit of the agent approach is that you don't have to care in your application about the authentication process as it is handled by the agent and the SSO infrastructure.
If you're going to develop your own SAML2 Service Provider, using OpenSAML is the way to go. The downside is that this library is not that well documented. Nevertheless you should find easily some tutorials on OpenSAML on the web.
You could implement it for example as a servlet filter, so that your application code is not tied to SAML.
Having recently implemented SAML authentication for an application I found the most useful information in the OASIS SAML2 technical overview document. It's very readable and contains real examples of the XML messages that are passed.
Section 5.1 describes the interaction of having YOUR application (service provider or SP) request authentication to a remote identity provider (Idp).
Providing more up to date answer since this hasn't been visited in a while:
If you're doing a spring project already I've had success with Spring Security SAML. You do not have to be securing your app with Spring Security to use the SAML extension, though it make it a bit easier.
Everything you need was at the OpenSSO site, with OpenAM as it's successor.
来源:https://stackoverflow.com/questions/2207402/web-sso-using-java-and-saml-2-0