问题
Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.
回答1:
I implemented a sample project in order to show how to integrate Spring Security SAML Extension with Spring Boot.
The source code is published on GitHub:
- spring-boot-saml-integration on GitHub
回答2:
I recently released a spring boot plugin for this here. It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:
@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
}
@Configuration
public static class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("index");
}
}
@Configuration
public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {
@Override
public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
serviceProvider
.metadataGenerator()
.entityId("localhost-demo")
.and()
.sso()
.defaultSuccessURL("/home")
.idpSelectionPageURL("/idpselection")
.and()
.logout()
.defaultTargetURL("/")
.and()
.metadataManager()
.metadataLocations("classpath:/idp-ssocircle.xml")
.refreshCheckInterval(0)
.and()
.extendedMetadata()
.idpDiscoveryEnabled(true)
.and()
.keyManager()
.privateKeyDERLocation("classpath:/localhost.key.der")
.publicKeyPEMLocation("classpath:/localhost.cert");
}
}
}
That's basically all the code you need.
回答3:
You'd have to do all the SAML stuff in XML (surprise, surprise). But the rest shouldn't get in the way, just standard Springy, Booty stuff, e.g.
@EnableAutoConfiguration
@Configuration
@ImportResource("my-crazy-ass-saml.xml")
public class Application implements WebMvcSecurityAdapter {
// set up security filter chain here
}
回答4:
I tried @vdenotaris' solution, but does not seem to work with current spring-boot, and thus given up that approach.
So as an alternate solution I used shibboleth to do all the SAML stuff using the mod_shib2 module in apache httpd, and run tomcat using mod_jk (mod_proxy_ajp could also be used) behind the said apache instance. Tomcat receives all the required SAML attributes as request attributes, and I only have to store the idp and the user id in the regular user table to connect the internal authentication to the external (I need both SAML and password-based authentication).
回答5:
I would recommend checking out the Spring SAML extension
来源:https://stackoverflow.com/questions/23150126/spring-boot-and-saml-2-0