0 votes

I am trying to integrate (SSO) multiple service providers using Spring Security and WSO2 Identity Server 5.1.0. I have integrated the Spring Security SAML sample with WSO2 IS according to the blog for only one service provider and it is running perfectly fine, but I am not able to do SSO for multiple service providers. I have checked everything but no luck.

Please find below what I think it should be but I am not sure how to achieve this.

WSO2 IS: created a service provider with a unique SAML issuer id (ex. spring-security), which will be used from different service providers for SSO.

SP1: Service provider should send an Authn request having issuer id (spring-security) and an assertion consumer URL (ex. localhost:8080/...).

SP2: Service provider should send an Authn request having issuer id (spring-security) and an assertion consumer URL (ex. localhost:8181/...).

Issuer in Authn Request: http://localhost:8080/spring-security-saml2-sample/saml/metadata

I am not even sure how this issuer is being generated.

Please help.

The issuer should be generated by the value of 'EntityId' in your SP metadata file. - Bernhard Thalmayr
Thanks for replying Bernhard. In between I went through the code of "spring-security-saml2-core" and found that it is being set by the default metadata in the file "MetadataGeneratorFilter", which I updated from the Spring Security context file. For working with WSO2 just update the configuration below:

```xml
<!-- Spring Security SAML metadata generator; entityId becomes the Issuer of the AuthnRequest -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="spring-security"/>
        </bean>
    </constructor-arg>
</bean>
```
- Pankaj Negi

1 Answer

0 votes

You have to use different and unique entity IDs for each service provider. And at Identity Server you need to create multiple service providers (2 in your case) accordingly in order to get SSO (and SLO) working.

So let's say you get the entity IDs changed for the two SPs to spring-security-1 and spring-security-2. You will need to create 2 service providers at IS as below.

SP1 -> issuer: spring-security-1, ACS URL: localhost:8080/...

SP2 -> issuer: spring-security-2, ACS URL: localhost:8081/...
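Why the shared issuer fails and the answer's setup works comes down to the identity provider pairing the AuthnRequest's Issuer with the ACS URLs registered for that issuer, so an assertion is never posted to a URL some other SP registered. The script below is an added illustration of that IdP-side check, not code from WSO2 IS or Spring Security SAML; the registry contents, request builder and ACS paths are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical IdP-side registry: SP entityId (the AuthnRequest Issuer) -> ACS URLs
# registered for it. Mirrors the two service providers the answer says to create.
SP_REGISTRY = {
    "spring-security-1": ["http://localhost:8080/spring-security-saml2-sample/saml/SSO"],
    "spring-security-2": ["http://localhost:8081/spring-security-saml2-sample/saml/SSO"],
}


def build_authn_request(issuer, acs_url=None):
    """Constructed, unsigned minimal AuthnRequest for illustration only."""
    acs_attr = ' AssertionConsumerServiceURL="%s"' % acs_url if acs_url else ""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" Version="2.0"'
            ' IssueInstant="2016-01-01T00:00:00Z"%s>'
            '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
            % (NS["samlp"], NS["saml"], acs_attr, issuer))


def validate_authn_request(xml_text, registry=SP_REGISTRY):
    """Return (accepted, detail). Accept only a registered Issuer whose requested
    ACS URL is registered for that same Issuer; an absent ACS falls back to the
    SP's first registered URL. This pairing is why two SPs sharing one issuer
    but posting to different ACS URLs cannot both work."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return False, "not a samlp:AuthnRequest"
    issuer_el = root.find("saml:Issuer", NS)
    issuer = (issuer_el.text or "").strip() if issuer_el is not None else ""
    if not issuer:
        return False, "missing Issuer"
    allowed = registry.get(issuer)
    if allowed is None:
        return False, "unknown issuer %s" % issuer
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        return True, allowed[0]  # no ACS requested: use the registered default
    if acs not in allowed:
        return False, "ACS %s is not registered for issuer %s" % (acs, issuer)
    return True, acs


if __name__ == "__main__":
    acs2 = "http://localhost:8081/spring-security-saml2-sample/saml/SSO"
    # The asker's setup: SP2 reuses SP1's issuer with its own ACS URL -> rejected.
    print(validate_authn_request(build_authn_request("spring-security-1", acs2)))
    # The answer's setup: SP2 has its own issuer and registered ACS -> accepted.
    print(validate_authn_request(build_authn_request("spring-security-2", acs2)))
```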