In one of the Java Struts-based web projects, I have implemented SSO (single sign-on) using SAML authentication with the PicketLink library, deployed on JBoss AS 7.1. It's working without any issues.
I need to implement SSO in another Struts-based web project, running on Tomcat 7. The IdP in this case is Azure AD. I have followed the steps given in the article "SAML with Tomcat and PicketLink". I have also configured the application in Azure AD. The IdP and SP URLs are mentioned in the PicketLink config file as follows:
    <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
        <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" BindingType="POST">
            <IdentityURL>${idp.url::https://login.microsoftonline.com/29b0-4f33-a90e/saml2}</IdentityURL>
            <ServiceURL>${myapp.url::https://appserver.mydomain.com:10503/myapp/internal/}</ServiceURL>
            <Trust>
                <Domains>localhost,mydomain.com</Domains>
            </Trust>
        </PicketLinkSP>
        <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
                <Option Key="ROLE_KEY" Value="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"/>
            </Handler>
            <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        </Handlers>
    </PicketLink>
I have mentioned the SAML-P endpoint that I got from Azure AD for the configured application in the above file:
    ${idp.url::https://login.microsoftonline.com/29b0-4f33-a90e/saml2}
It's not working after making all these changes. It looks like I need to get the certificate from the federation-metadata file and follow some steps to enable SSL and to make it ready for SAML to understand. I could not do this. I do not know if my path is correct. Can you please give me a sample program or steps to complete this task?
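As an added illustration of the step the question is stuck on (this is not code from the question or from PicketLink), the Python script below reads an Azure AD federation-metadata document, pulls out the IdP signing certificate and the HTTP-POST SingleSignOnService URL, and checks that the URL matches the IdentityURL configured in the PicketLink file above. The metadata document and the certificate bytes are constructed samples; in the real file the certificate is the one the SP must trust in order to verify the signature on SAML responses.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the DER bytes of the IdP signing certificate: it starts
# with the ASN.1 SEQUENCE tag like a real X.509 certificate but is not a real one.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(32))

# Constructed metadata fragment shaped like the Azure AD federation-metadata document.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/29b0-4f33-a90e/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/29b0-4f33-a90e/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the IdP entityID, its signing certs (DER) and the HTTP-POST SSO URL."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' serves both
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))  # drop line wrapping
            if der[:1] != b"\x30":  # a DER certificate always begins with SEQUENCE
                raise ValueError("X509Certificate content is not DER")
            certs.append(der)
    if not certs:
        raise ValueError("IdP publishes no signing certificate; responses cannot be verified")
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == POST_BINDING]
    return {"entity_id": root.get("entityID"), "signing_certs": certs,
            "sso_post_url": post[0] if post else None}


def identity_url_matches(xml_text: str, configured_url: str) -> bool:
    """True when PicketLink's IdentityURL equals the IdP's HTTP-POST endpoint exactly."""
    return parse_idp_metadata(xml_text)["sso_post_url"] == configured_url
```

The DER bytes returned are what you would write to a file and import into the SP's keystore (for example with keytool -importcert) so that signature validation on the SP side has the IdP certificate to check against; a mismatch in the endpoint comparison is the first thing to rule out before looking at certificates.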