
The Problem:

I want to implement a set of Webservices, protected with SAML. I need to authenticate the users, and also need to authorize based on the user role. I found some questions similar to this one, but none with satisfactory answers.

The scenario:

  • Java Webapp accessed only using Webservices;
  • SOAP - metro;
  • Clients use some Desktop application that they will develop.

Key features that I need:

  • Free software;
  • SAML 2.0;
  • LDAP (or similar solution) to manage user information;
  • Message level security (SOAP).

The question:

I studied some SAML (SSO) solutions (e.g. Shibboleth, OpenAM, JOSSO...);

  • Can I use any of those without compromising any of the key features?
  • Or do I need to implement my own way to handle the SAML tokens?
  • How to do it?

Thank you!



Here are some results that I found, and/or some tips from the answers:

Still searching, please contribute!!

lpinto.eu
  • If you wish to implement SAML yourself, see this link for some really good documentation of the standard: http://stackoverflow.com/questions/12367378/a-good-reference-document-for-saml – Shurmajee Feb 14 '13 at 08:03

3 Answers


I am an architect at WSO2. WSO2 produces WSO2 Identity Server, supporting all the features you require. You can deploy WSO2 Identity Server over an existing LDAP user store and make it act as a SAML2 IdP. We are using this functionality of Identity Server in our Platform as a Service [PaaS] offering - https://stratoslive.wso2.com for SAML2 single sign-on.

This is a good starting point and you can download WSO2 Identity Server from here.

Prabath Siriwardena
  • Thanks for the answer, Prabath! I forgot to mention, already added to my question, I need free software. Is your solution free? – lpinto.eu Sep 13 '11 at 09:56
  • The link you provide isn't about Webservices. In that architecture, is only the identity provider (IdP) developed? Do I need to implement all the core related to the service provider (SP)? – lpinto.eu Sep 13 '11 at 16:16

Since no one answered with a valid option, I decided to secure the services with Metro SAML and to try to provide the tokens using OpenAM.

Stefan Rasmusson, lpinto.eu
  • I didn't accept it because, although I present these options, I still want to hear about other options and, if there are any, update the question in order to continue the community wiki. – lpinto.eu Sep 29 '11 at 16:43
  • I'll put a bounty on this question. Perhaps that will generate a few more answers. – Chris Aldrich Sep 29 '11 at 19:46
  • Since nobody responded on this and you did some heavy groundwork on your own, I'm going to award the bounty to you. – Chris Aldrich Oct 06 '11 at 18:35
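With the approach in this answer, the Metro endpoint is the relying party: after the WS-Security runtime has verified the XML signature on the SAML 2.0 assertion issued by OpenAM, the service still has to decide whether to trust the token (issuer, validity window, audience, subject confirmation) and map the role attribute to an authorization decision. The block below is an added example of that service-provider logic in Python; it is not code from the question, from this answer, or from Metro or OpenAM. The sample assertion, the issuer and audience URLs, and the attribute name `role` are constructed for illustration, and the `ds:Signature` element is a placeholder: the block only refuses unsigned assertions and does not verify a signature, which must be left to the WS-Security runtime or an XML-DSig library.

```python
"""Service-provider (relying-party) checks on a SAML 2.0 assertion.

Added example, not code from the question, the answers, Metro or OpenAM.
The sample assertion, issuer, audience and attribute name "role" are assumptions.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # tokens are untrusted XML: prefer defusedxml in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Placeholder signature element. A real assertion carries an XML-DSig that the
# WS-Security runtime (or an XML-DSig library) must verify against the IdP's
# certificate before any of the checks below mean anything.
SIGNATURE_STUB = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                  '<ds:SignedInfo/></ds:Signature>')

# Constructed sample assertion in the shape an IdP such as OpenAM would issue.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2011-09-13T10:00:00Z">
  <saml:Issuer>https://idp.example.org/openam</saml:Issuer>
  {SIGNATURE_STUB}
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="{SAML_BEARER}"/>
  </saml:Subject>
  <saml:Conditions NotBefore="2011-09-13T09:59:00Z" NotOnOrAfter="2011-09-13T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://ws.example.com/orders</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>operator</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
UNSIGNED_ASSERTION = SAMPLE_ASSERTION.replace(SIGNATURE_STUB, "")

EXPECTED_ISSUER = "https://idp.example.org/openam"   # assumed IdP entity ID
EXPECTED_AUDIENCE = "https://ws.example.com/orders"  # assumed SP entity ID


class SamlValidationError(Exception):
    """Raised when an assertion must be rejected; the message names the reason."""


def parse_instant(value):
    """Parse a SAML xs:dateTime given in UTC ('...Z') into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, clock_skew=timedelta(seconds=60)):
    """Return {'subject': name_id, 'attributes': {name: [values]}} or raise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        raise SamlValidationError("not a SAML 2.0 Assertion")
    if root.find("ds:Signature", NS) is None:   # presence only; verification is elsewhere
        raise SamlValidationError("unsigned assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != EXPECTED_ISSUER:
        raise SamlValidationError("unexpected issuer")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("missing Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + clock_skew < parse_instant(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= parse_instant(not_on_or_after):
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:   # a token minted for another SP is replayable here otherwise
        raise SamlValidationError("assertion not addressed to this service")

    subject = root.find("saml:Subject", NS)
    name_id = subject.findtext("saml:NameID", namespaces=NS) if subject is not None else None
    if not name_id:
        raise SamlValidationError("missing Subject/NameID")
    # Bearer only; holder-of-key tokens additionally need a proof-of-possession check.
    if SAML_BEARER not in [c.get("Method") for c in subject.findall("saml:SubjectConfirmation", NS)]:
        raise SamlValidationError("no bearer SubjectConfirmation")

    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"subject": name_id, "attributes": attributes}


def check(xml_text, now):
    """Non-raising wrapper: (True, principal) or (False, reason) for logging rejections."""
    try:
        return True, validate_assertion(xml_text, now)
    except (SamlValidationError, ET.ParseError) as exc:
        return False, str(exc)


def authorize(principal, required_role):
    """Role-based check for a web service operation; roles come only from the assertion."""
    return required_role in principal["attributes"].get("role", [])


if __name__ == "__main__":
    ok, principal = check(SAMPLE_ASSERTION, parse_instant("2011-09-13T10:01:00Z"))
    print(ok, principal, authorize(principal, "operator"))
```

The order of the checks matters: issuer and signature presence come before anything else, and the audience check is what stops a valid token issued for a different service provider from being replayed against this one. The `now` parameter is passed in rather than read from the clock so that the expiry and not-yet-valid branches can be exercised deterministically.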

For this you could have a look at Jasig CAS. We don't use SAML yet, but it should work as described here.

Hons
  • Thanks, but I already read it, and it says: "... we cannot confirm that this will work with any SAML 2.0 compliant application..." – lpinto.eu Sep 13 '11 at 13:18
  • I've seen it just after posting. As I've to add this functionality sooner or later I'll give it a try, but I'm not sure when I can test it... sorry – Hons Sep 13 '11 at 13:34