JAVA - SAML 2.0 implementation

1
votes

I've read about SAML and its capabilities, Learned the theory behind it and I think I fully understand the SAML "cycle".
Now i'm stuck at the the point of actually implementing it on my web server (that serves as a service provider).

I want to use SsoCircle as my identity provider (for testing purposes) and Spring-Security-Saml as my SAML library.

My questions are:

  1. What do I need in order to create a SAML metadata? (Probably I lack the understanding of each metadata field)
  2. Once I have the metadata ready what do I need to configure in order to work with SsoCircle IDP? (I took the IDP metadata but don't have a clue what to do with it)
  3. If anyone has a sample project to share it would be amazing. Doesn't have to be in Java.
1
javaspringsamlsaml-2.0spring-saml
Sample source for SSO Circle is available at : github.com/spring-projects/spring-security-saml/tree/master/…. If you want to roll up something of your own , you should also try using WSO2 identity server , to set up both the IdP and SP and then setting up connectivity between them.Ramachandran.A.G

1 Answers

2
votes

  1. If you are using Spring SAML and have it configured correctly, you can navigate to http://localhost:8080/<context>/saml/metadata to download your Service Provider metadata in xml format.

  2. You can created an account with SSOCircle where you can upload or copy paste the SP metadata. This allows SSOCircle to trust your SP because the metadata contains key information.

  3. This example project has is already integrated with SSO circle and a great starting point for learning how all the pieces fit together. In the configuration, you should see where SSOCircle's metadata is loaded into the MetadataManger, along with the Service Provider's metadata.