I have been working with Single Sign On (SSO) for some time. I am using Ping Federate as an Identity Provider (IdP) and a sample Java spring-boot application as the Service Provider (SP). The protocol used is SAML.

I have downloaded the spring application from https://start.spring.io with "Web" and "Security" dependencies and am looking forward to establishing a connection. While doing the configuration at Ping Federate, it is required to upload the metadata file of the spring app, which is the Service Provider in this case. I want to know how I can generate the metadata file for my spring app.

I referred to some docs but they did not help me: https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html

Any help would be of great avail.

1 Answer

To address your question "how can I generate the metadata file for my spring app?",

(1) I downloaded the latest release of Ping Federate, i.e., pingfederate-9.2.2.zip

(2) I built "Ping Federate as an Identity Provider (IdP) and a sample Java spring-boot application as the Service Provider (SP)" on Ubuntu 16.04 with reference to the information provided by your post.

(3) Then I validated the SAML communication between "Ping Federate as an Identity Provider (IdP)" and "a sample Java spring-boot application as the Service Provider (SP)" successfully with reference to the information provided by your post.

The following responses and answer will help you to log in to "my spring app (as Service Provider (SP))" through SAML SSO provided by "Ping Federate (as an Identity Provider (IdP))".

(1) Quote your post "I have downloaded the spring application from https://start.spring.io with "Web" and "Security" dependencies and looking forward to establishing a connection."

Response:

I performed the same tasks as you did by executing the commands below.

# Download demo.zip from https://start.spring.io with "Web" and "Security" dependencies
$ unzip demo.zip
$ cd demo
$ sudo mvn package
$ sudo cp target/demo-0.0.1-SNAPSHOT.war /opt/tomcat/webapps/
$ ls /opt/tomcat/webapps/demo-0.0.1-SNAPSHOT/WEB-INF/
classes  lib  lib-provided

Now we discover that the spring application (which you downloaded with "Web" and "Security" dependencies) was NOT installed with a SAML SP. In other words, the spring application is NOT a SAML SP-enabled application. Therefore "I can NOT generate the metadata file for my spring app".

(2) Quote your post "I referred to some docs but they did not help me: https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html"

Response:

Quoting the important information provided by the "spring-security-saml" link in your post:

4.2.1 Downloading sample application 

Download the Spring SAML Extension either from sources or from one of the releases.

(I) Click the "from sources" link to the GitHub repository.

Then click the folder "samples" (i.e., spring-security-saml/samples/) to read the README on "How to run a simple sample of an Identity Provider (IDP) and Service Provider (SP)".

(II) Following the instructions provided by the README, I validated "SP initiated login and IDP initiated login" successfully.

Because the sample applications hardcode the host name as localhost, and without loss of generality (by modifying the DNS hosts file of your local machine for demo purposes), we assume that

the host name of "Ping Federate as an Identity Provider (IdP)" is ping.example.com

the host name of "a sample Java spring-boot application as the Service Provider (SP)" is localhost

(3) Quote your question "While doing the configuration at Ping Federate, it is required to upload the metadata file of the spring app, which is the Service Provider in this case. I want to know how I can generate the metadata file for my spring app."

Answer:

(I) Access the SAML SP metadata file endpoint of the spring app built with "spring-security-saml/samples/",

http://localhost:8080/sample-sp/saml/sp/metadata

to "generate/download the metadata file for my spring app", i.e., saml-sp-metadata.xml

(II) Upload the metadata file for my spring app (i.e., saml-sp-metadata.xml) into "Ping Federate as an Identity Provider (IdP)"

(III) Upload the IdP metadata file of "Ping Federate as an Identity Provider (IdP)" into "my spring app as Service Provider (SP)"

(a) Add the code below at the end of the configuration file of "my spring app as Service Provider (SP)"

$ sudo vi spring-security-saml/samples/boot/simple-service-provider/src/main/resources/application.yml

        - alias: pingfederate
          metadata: https://ping.example.com:9031/pf/federation_metadata.ping?PartnerSpId=spring.security.saml.sp.id
          link-text: Ping Federate IDP
          authentication-request-binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

(b) Restart my spring app as Service Provider (SP) by following the README on "How to run a simple sample of an Identity Provider (IDP) and Service Provider (SP)" at the GitHub repository, in order to upload the IdP metadata of "Ping Federate as an Identity Provider (IdP)" into "my spring app as Service Provider (SP)".

(IV) Validate SAML SSO provided by Ping Federate (as an Identity Provider (IdP)) for my spring app (as Service Provider (SP))

(a) Access the Ping Federate IdP initiated SSO endpoint for "my spring app as Service Provider (SP)"

https://ping.example.com:9031/idp/startSSO.ping?PartnerSpId=spring.security.saml.sp.id

(b) Submit your username/password credentials (e.g., johndoe/password) of the Ping Federate local user account into the pop-up dialog box

(c) You are redirected and logged in to my spring app as Service Provider (SP) successfully.

The following message will be displayed on the home screen of my spring app as Service Provider (SP).

Success                             User:johndoe 

You are authenticated!
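Before uploading the SP metadata from step (3)(I) into Ping Federate, it is worth checking what it actually declares: the entityID the IdP will use as PartnerSpId, the AssertionConsumerService the IdP will POST the Response to, and whether a signing certificate and WantAssertionsSigned are present. The following Python check is an added example (not code from the question, the answer, or spring-security-saml); the embedded metadata document is constructed to mimic what the sample-sp endpoint returns, and its ACS path and certificate value are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the document served by the sample-sp metadata
# endpoint: the entityID matches the PartnerSpId used in the answer; the ACS
# path and the certificate value are placeholders, not captured output.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="spring.security.saml.sp.id">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER-BASE64...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/sample-sp/saml/sp/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Extract what the IdP admin verifies on import, plus a list of warnings."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is IdP metadata or not SAML metadata")
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
    certs = [c.text.strip() for kd in sp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             if c.text]
    warnings = []
    if not any(b == HTTP_POST for b, _ in acs):
        warnings.append("no HTTP-POST AssertionConsumerService for the IdP to return the Response to")
    if not certs:
        warnings.append("no signing certificate: the IdP cannot verify signed AuthnRequests")
    if sp.get("WantAssertionsSigned") != "true":
        warnings.append("WantAssertionsSigned is not true: unsigned assertions would be accepted")
    if any(not loc.startswith("https://") for _, loc in acs):
        warnings.append("ACS over plain http: tolerable only for the localhost demo")
    return {"entity_id": root.get("entityID"), "acs": acs,
            "signing_certs": len(certs), "warnings": warnings}
```

Run it against the real file fetched from http://localhost:8080/sample-sp/saml/sp/metadata by reading that file into `check_sp_metadata`; for the localhost demo the only expected warning is the plain-http ACS.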