Is there a way to integrate SAML 2.0 in a Spring Boot-based application? I'd like to implement my own SP and communicate with a remote IdP.
3 Answers
I recently released a spring boot plugin for this here. It is basically a wrapper around Spring Security SAML that allows for friendlier configuration through a DSL or config properties. Here's an example using the DSL:
```java
@SpringBootApplication
@EnableSAMLSSO
public class SpringBootSecuritySAMLDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSecuritySAMLDemoApplication.class, args);
    }

    @Configuration
    public static class MvcConfig extends WebMvcConfigurerAdapter {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/").setViewName("index");
        }
    }

    @Configuration
    public static class MyServiceProviderConfig extends ServiceProviderConfigurerAdapter {

        @Override
        public void configure(ServiceProviderSecurityBuilder serviceProvider) throws Exception {
            serviceProvider
                .metadataGenerator()
                    .entityId("localhost-demo")
                .and()
                .sso()
                    .defaultSuccessURL("/home")
                    .idpSelectionPageURL("/idpselection")
                .and()
                .logout()
                    .defaultTargetURL("/")
                .and()
                .metadataManager()
                    .metadataLocations("classpath:/idp-ssocircle.xml")
                    .refreshCheckInterval(0)
                .and()
                .extendedMetadata()
                    .idpDiscoveryEnabled(true)
                .and()
                .keyManager()
                    .privateKeyDERLocation("classpath:/localhost.key.der")
                    .publicKeyPEMLocation("classpath:/localhost.cert");
        }
    }
}
```
That's basically all the code you need.

- Can this be used for a Spring Boot based REST API? – Ashika Umanga Umagiliya May 08 '17 at 08:30
- I think this answer should be accepted as the best answer, since it shows a more advanced integration with Spring Boot Autoconfiguration, and moreover, it's based on @vdenotaris' work. It's pretty amazing btw that the SAML extension of Spring Security is not yet officially integrated with Spring Boot. – Renaud Denis Aug 20 '18 at 09:07
- Would this configuration work if you were also supporting an angularjs front end in the same application as the spring boot rest service? – Jolley71717 Nov 12 '18 at 04:54

You'd have to do all the SAML stuff in XML (surprise, surprise). But the rest shouldn't get in the way, just standard Springy, Booty stuff, e.g.
```java
@EnableAutoConfiguration
@Configuration
@ImportResource("my-crazy-ass-saml.xml")
public class Application implements WebMvcSecurityAdapter {
    // set up security filter chain here
}
```

I tried @vdenotaris' solution, but it does not seem to work with current spring-boot, and thus I have given up on that approach.
So as an alternate solution I used shibboleth to do all the SAML stuff using the mod_shib2 module in apache httpd, and run tomcat using mod_jk (mod_proxy_ajp could also be used) behind the said apache instance. Tomcat receives all the required SAML attributes as request attributes, and I only have to store the idp and the user id in the regular user table to connect the internal authentication to the external (I need both SAML and password-based authentication).

- The compatibility with the new version of Spring Boot is on my to-do list, but currently you should use the project as is. – vdenotaris Jun 17 '15 at 09:50
- Unfortunately that is not really an option as we already have a large project built on top of the current version of spring-boot; thus my above outlined solution. Another solution would be to use spring-saml in another servlet and authenticate using some improvised inter-servlet protocol. That would be even less nice. :( – P.Péter Jun 17 '15 at 14:07
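
The filter below is an added example, not code from any of the answers: it shows one way the Tomcat side of the mod_shib2 setup in the third answer could link the IdP and user id it receives as request attributes to a local account. `Shib-Identity-Provider` is the variable Shibboleth uses for the IdP entityID; the attribute name `eppn`, the session key `localUser` and the in-memory account map standing in for the user table are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

public class ShibbolethLoginFilter implements Filter {
    static final String IDP_ATTR = "Shib-Identity-Provider"; // IdP entityID set by Shibboleth
    static final String USER_ATTR = "eppn"; // assumption: id exported under this name in attribute-map.xml
    // Stand-in for the user table: (idp, userId) -> local account (constructed data).
    private final Map<List<String>, String> accounts = new ConcurrentHashMap<>();

    @Override
    public void init(FilterConfig cfg) {
        accounts.put(Arrays.asList("https://idp.example.org/idp/shibboleth", "alice@example.org"), "alice");
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Read request attributes only. HTTP headers with the same names are
        // client-controlled and must never be used as a fallback.
        Object idp = req.getAttribute(IDP_ATTR);
        Object user = req.getAttribute(USER_ATTR);
        if (!(idp instanceof String) || !(user instanceof String)) {
            chain.doFilter(req, res); // no SAML session: password login still applies
            return;
        }
        String local = accounts.get(Arrays.asList((String) idp, (String) user));
        if (local == null) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "No local account linked");
            return;
        }
        HttpSession old = req.getSession(false);
        if (old != null && !local.equals(old.getAttribute("localUser"))) {
            old.invalidate(); // new session when the identity changes (session fixation)
        }
        req.getSession(true).setAttribute("localUser", local);
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

This is only sound if the AJP connector is reachable solely from the httpd instance, since anything that can speak AJP to Tomcat can set these attributes.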