1

I am now comparing spring saml and pac4j saml. Generally speaking, I think pac4j is easier to implement than spring saml. But there are one thing I can not figure out: See this config code:

@Configuration
public class Pac4jConfig {

    @Bean
    public Config config() {

        final SAML2ClientConfiguration cfg = new SAML2ClientConfiguration(
                "resource:samlKeystoreNgcsc.jks",
                "juniper",
                "juniper",
                "resource:metadata-okta.xml"
                );
        cfg.setMaximumAuthenticationLifetime(3600);

        cfg.setServiceProviderEntityId("http://localhost:8080/callback?client_name=SAML2Client");

        cfg.setServiceProviderMetadataPath("sp-metadata.xml");
        final SAML2Client saml2Client = new SAML2Client(cfg);

        final Clients clients = new Clients("http://localhost:8080/callback", saml2Client);

        final Config config = new Config(clients);
        //config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        //config.addAuthorizer("custom", new CustomAuthorizer());
        return config;
    }
}

From this sample code, we already have IDP metaData, that is fine, we just ask for IDP to provide metaData and we can use directly.

But where is the sp-metadata.xml? We need to generate it and provide to idp to intergration purpose.

If I am using springSaml, it provides a UI to generate this metaData, we just need to download and send over to IDP. But for pac4j saml, I do not see this utility at all. So can anyone help to tell me what will be the best solution to generate the sp metaData?

Thanks

user3006967
  • 3,291
  • 10
  • 47
  • 72

3 Answers3

2

saml2Client.init() does all work of generating sp-metadata just make sure that you have sufficient permissions to create the file on the specified path.

saml2Client.getConfiguration().setServiceProviderMetadataResource(new FileSystemResource(new File("C:\\sp-metadata.xml").getAbsolutePath()));
saml2Client.init();
String spMetadata = saml2Client.getServiceProviderMetadataResolver().getMetadata();
MukulChakane
  • 73
  • 2
  • 8
0

I somehow manage to generate it by using this setting in the SecurityModule configuration. This might not be the best way, but I still figuring out the best way. 

cfg.setServiceProviderMetadataPath(new File("yourPath", "fileName.xml").getAbsolutePath())

Note that SPMetata ONLY generate when there's a SAML Request happen.

Rayson
  • 1
  • 1
0

If you come across this issue when using pac4j and TestShib, make sure your Identity Provider metadata is up-to-date, i.e., update your local testshib-providers.xml with the one from the TestShib website.

ttaveira
  • 1
  • 1