How to configuration of IDP metadata and SP metadata in Spring Security SAML sample?

4
votes

I want to deal with Spring Security SAML. For this, I start to explore Spring Security SAML. At the beginning, I create an account at SSOCircle. Than I configurated of IDP metadata and generation of SP metadata (4.2.2 and 4.2.3). At entityId I set:

 <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="http://idp.ssocircle.com"/>
        </bean>
    </constructor-arg>
 </bean>

When I start application, I have:

Error occurred:
Reason: Unable to do Single Sign On or Federation.

or 

Error occurred:
Reason: Unable to get AuthnRequest.

How to configure Spring Security SAML?

2
javaspringspring-securityspring-samlopensaml
Hi, i don't know about you. but one thing to clarify with you is about SAML integration with spring security. Have you done SAML integration? because i stuck on that from 5 days. i have two web portals and i wanna integrate them to SAML i.e single sign on. am using spring mvc . i want to get saml with spring security . can you please tell me about that. thanks in advanceuser4184746
@Mehbub, Unfortunately, I haven't a good news. I not understood Spring Security SAML too.somebody
ops :( if u get any info plz let me knowuser4184746

2 Answers

16
votes

Follow the steps in the QuickStart chapter. Some differences to note:

  1. Sign up at http://www.ssocircle.com/. You need to verify your email address.

  2. The metadataGeneratorFilter section of sample/src/main/webapp/WEB-INF/securityContext.xml should look like this (Note: signMetadata property is commented out):

    <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
    <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
      <property name="entityId" value="urn:test:YourName:YourCity"/>
  <!--<property name="signMetadata" value="false"/>-->
    </bean>
</constructor-arg>

  3. Build and start the web server locally. Then download the metadata at http://localhost:8080/spring-security-saml2-sample/saml/metadata. Copy the contents to your clipboard.
  4. Update the metadata of your new profile at https://idp.ssocircle.com/sso/hos/ManageSPMetadata.jsp.
  5. Enter the FQDN of the service as "urn:test:YourName:YourCity". You need to enter unique values for Your Name and Your City. Paste in the metadata from above.
  6. To Test:
    1. Logout of SSO Circle Service.
    2. Go to http://localhost:8080/spring-security-saml2-sample
    3. You should be redirected to the SSO Circle login.
    4. Login with your SSO Circle credentials.
    5. You should be redirected to your local service provider page and authenticated.
3
votes

The metadata generator filter generates metadata for your application (service provider). The entity id you're providing (http://idp.ssocircle.com) is already used by the SSO Circle, you should create a unique value which describes your application, e.g. urn:test:helsinki:myapp

Just like the manual says:

make sure to replace the entityId value with a string which is unique within the SSO Circle service (e.g. urn:test:yourname:yourcity)