How do I implement SAML for my Spring Boot application?

0
votes

I have an internal application hosted on AWS with https. I need help understanding how to implement SAML authentication to my web application. I am using Spring Boot for my backend and AngularJS for my front end. I am using ADFS as my IP. From what I gather, the following are the steps.

  1. Get a https URL for your application
  2. Create a basic ADFS trust.
  3. Add the roles on ADFS
  4. Get a metadata URL and enter it in your application.properties.

I am trying to implement SAML for the first time and have confused myself completely. Any thoughts shared would be greatly appreciated.

1
authenticationspring-bootsamladfs

1 Answers

1
votes

Your Spring Boot application needs to be a Service Provider (SP) that trusts your ADFS Identity Provider (IdP) and you ADFS IdP needs to trust your SP. This trust is usually done using the SAML2 metadata profile, i.e. the SP and IdP SAML2 metadata files.

You can either design your application as a 'standalone', i.e. no SAML ability and put something in front of it that understand SAML and blocks all requests until the IdP sends attributes. This is how the standard Shibboleth SP works but it needs Apache. The other option is to use the framework to plumb in the SAML capability such as Spring Security SAML