Configuring Ping Federate and Spring SAML to authenticate application

大兔子大兔子, submitted on 2019-12-04 17:13:39

Presuming your goal is to establish federation between Ping and your application (in order to e.g. externalize authentication or enable single sign-on), your thinking is correct.

Ping Federate serves as an Identity Provider (IDP), and you can configure it to connect to your SQL server so that it can authenticate your existing users from there. The IDP communicates with other applications, which are called Service Providers (SP).

In order to connect to Ping, your application therefore needs to be able to act as a SAML 2.0 Service Provider, and using Spring SAML is a very good way to enable it to do so.

The typical flow of data between SP and IDP for single sign-on is similar to:

  1. User accesses SP application which requires authentication
  2. SP creates an AuthenticationRequest and sends it to IDP (using redirect in user's browser)
  3. IDP processes the request and authenticates the user
  4. IDP responds back to SP with an AuthenticationResponse message
  5. SP processes the response and creates a session for the user based on the included data
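What step 2 of the flow above puts on the wire with the SAML HTTP-Redirect binding, as an added example that is not part of the original answer and is not Spring SAML's own code (the library does this for you). The URLs, entity ID and RelayState value are constructed placeholders, and the request is left unsigned.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
import java.util.zip.*;

public class AuthnRequestRedirect {
    // Placeholder endpoints and entity ID (assumptions, not values from the page).
    static final String IDP_SSO_URL = "https://idp.example.com/sso";
    static final String SP_ENTITY_ID = "https://sp.example.com/saml/metadata";
    static final String SP_ACS_URL = "https://sp.example.com/saml/acs";

    // Step 2: the SP builds the AuthnRequest. The SP keeps the ID in the user's
    // session so the InResponseTo of the response can be matched in step 5.
    static String buildRequest(String id) {
        return "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
            + " ID=\"" + id + "\" Version=\"2.0\" IssueInstant=\"" + Instant.now() + "\""
            + " Destination=\"" + IDP_SSO_URL + "\""
            + " AssertionConsumerServiceURL=\"" + SP_ACS_URL + "\">"
            + "<saml:Issuer>" + SP_ENTITY_ID + "</saml:Issuer></samlp:AuthnRequest>";
    }

    // HTTP-Redirect binding: raw DEFLATE, then Base64, then URL-encoding.
    static String redirectUrl(String xml, String relayState) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(
                buf, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) { // true = no zlib header
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        String b64 = Base64.getEncoder().encodeToString(buf.toByteArray());
        return IDP_SSO_URL + "?SAMLRequest=" + URLEncoder.encode(b64, StandardCharsets.UTF_8)
            + "&RelayState=" + URLEncoder.encode(relayState, StandardCharsets.UTF_8);
    }

    // What the IDP does before step 3: reverse the encoding of the URL-decoded parameter.
    static String decode(String samlRequest) throws IOException {
        byte[] raw = Base64.getDecoder().decode(samlRequest);
        try (InputStream in = new InflaterInputStream(
                new ByteArrayInputStream(raw), new Inflater(true))) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        String id = "_" + UUID.randomUUID(); // random, and a valid XML ID (cannot start with a digit)
        String xml = buildRequest(id);
        String url = redirectUrl(xml, "/orders"); // constructed RelayState: page to return to
        System.out.println(url);
        String param = url.substring(url.indexOf('=') + 1, url.indexOf("&RelayState"));
        String back = decode(URLDecoder.decode(param, StandardCharsets.UTF_8));
        System.out.println(back.equals(xml) ? "round trip OK, ID=" + id : "MISMATCH");
    }
}
```

Requires Java 10 or later. A signed request in this binding carries its signature in the `SigAlg` and `Signature` query parameters rather than inside the XML.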

There is an assumption being made that you need SAML between your Spring app and PingFederate. That is not true depending on how it is deployed and if you (see Andy K follow-up questions). You should check out the OpenToken Integration Kit for Java or perhaps the ReferenceID Int Kit from Ping as a possible solution. Much simpler to integrate than trying to hack together another SAML solution that may not be needed. However, I would recommend talking to your RSA who can give you the best approach for your scenario.
