Using SimpleSAML as SP for a java web applicaton (test environment).
91 views
Skip to first unread message
Keith Reilly
Apr 17, 2015, 9:42:51 AM4/17/15
to simple...@googlegroups.com
Hi,
I’ve set up SimpleSAML as a SP and configured it to use Feide OpenIdP as the IdP. All this works when I test it through the SimpleSAML web interface.
The problem I’m having now is that I need to integrate this with a java based web site and the instructions for configuring an appliction to work with the SP are for php applications. I’ve tried redirecting to the SP, and I can get it to redirect back to my app, but it doesn’t ask the user to log in and the response doesn’t contains a SAML response.
Are there instructions for how to do this in java?
Thanks,
Keith
Peter Schober
Apr 17, 2015, 10:44:42 AM4/17/15
to simple...@googlegroups.com
* Keith Reilly <keitht...@gmail.com> [2015-04-17 15:43]:
For other laguages APIs you either have to use a SAML implementation
in that language, or put the SAML implementation in the webserver and
tunnel to the Java from there (assuming it's a Java servlet you're
talking about).
For the former there's e.g. Spring Security SAML or OIOSAML.Java, both
of which I haven't used really.
For the latter there's e.g. mod_authmemcookie or mod_mellon or the
Shibboleth SP, and you'd use mod_proxy_ajp to tunnel to the servlet
container.
So it's all doable, the choice of where you want the complexity is
yours. If you think redirecting somewhere can be the equivalent of
installing and configuring a SAML implementation to protect a resource
you might be in for a bumpy ride, though.
-peter
> The problem I’m having now is that I need to integrate this with a java
> based web site and the instructions for configuring an appliction to work
> with the SP are for php applications. I’ve tried redirecting to the SP, and
> I can get it to redirect back to my app, but it doesn’t ask the user to log
> in and the response doesn’t contains a SAML response.
SimpleSAMLphp is for PHP, hence the name.
> based web site and the instructions for configuring an appliction to work
> with the SP are for php applications. I’ve tried redirecting to the SP, and
> I can get it to redirect back to my app, but it doesn’t ask the user to log
> in and the response doesn’t contains a SAML response.
For other laguages APIs you either have to use a SAML implementation
in that language, or put the SAML implementation in the webserver and
tunnel to the Java from there (assuming it's a Java servlet you're
talking about).
For the former there's e.g. Spring Security SAML or OIOSAML.Java, both
of which I haven't used really.
For the latter there's e.g. mod_authmemcookie or mod_mellon or the
Shibboleth SP, and you'd use mod_proxy_ajp to tunnel to the servlet
container.
So it's all doable, the choice of where you want the complexity is
yours. If you think redirecting somewhere can be the equivalent of
installing and configuring a SAML implementation to protect a resource
you might be in for a bumpy ride, though.
-peter
Reply all
Reply to author
Forward
0 new messages