Python or Java with simplesaml
331 views
Skip to first unread message
Umar Draz
Jun 26, 2017, 12:53:41 AM6/26/17
to SimpleSAMLphp
Hi
I have some apps with python flask and some of java.
I have running simplesaml IDP running which is working fine for my php apps specailly, wordpress, Drupal and others.
Now can I use SSO on my python or java apps?
Regards
Peter Schober
Jun 26, 2017, 5:05:39 AM6/26/17
to SimpleSAMLphp
* Umar Draz <uni...@gmail.com> [2017-06-26 06:53]:
By protecting them with SAML implementations that can be used from
Python and Java, respectively. There are two distinct approaches to this:
1. One method uses "native" implementations (e.g. SAML implementations
written in the language of the application and integrating with its
API, thereby tighly coupling your application to the SAML
implementation, like SimpleSAMLphp offers for PHP). pysaml2 is one
such example. (There are dozens available for Java, though whether any
of those has all the features you need requires careful studying.)
2. The other method relies on a SAML implementation that can be used
with /any/ kind of web application by running it as part of the web
server process.
The SimpleSAMLphp documentation details one such example:
https://simplesamlphp.org/docs/stable/simplesamlphp-advancedfeatures#section_5
This approach (mod_auth_memcookie) requires use of PHP and
SimpleSAMLphp as SAML SP (as usual) on the machine with your Python or
Java applications, plus you'll neded to compile an Apache httpd module
and use that for protection of the application.
Other implementations of the "in-webserver" concept are
e.g. mod_mellon (libapache2-mod-auth-mellon in Debian/Ubuntu) or the
Shibboleth Service Provider (libapache2-mod-shib2 in Debian/Ubuntu).
https://github.com/UNINETT/mod_auth_mellon
http://shibboleth.net/products/service-provider.html
Shibboleth can be used with Apache httpd, MS-IIS and via FastCGI
(though Nginx support currently requires patches to Nginx).
So it all depends on your preferences (e.g. trying to integrate/ship
the SAML implementation as part of your application code vs. aiming
for maximum isolation of your appliaction from external APIs and
dependencies), deployment restrictions (web server software available;
possibility to install additional server-side system software) and
technical abilities.
-peter
Python and Java, respectively. There are two distinct approaches to this:
1. One method uses "native" implementations (e.g. SAML implementations
written in the language of the application and integrating with its
API, thereby tighly coupling your application to the SAML
implementation, like SimpleSAMLphp offers for PHP). pysaml2 is one
such example. (There are dozens available for Java, though whether any
of those has all the features you need requires careful studying.)
2. The other method relies on a SAML implementation that can be used
with /any/ kind of web application by running it as part of the web
server process.
The SimpleSAMLphp documentation details one such example:
https://simplesamlphp.org/docs/stable/simplesamlphp-advancedfeatures#section_5
This approach (mod_auth_memcookie) requires use of PHP and
SimpleSAMLphp as SAML SP (as usual) on the machine with your Python or
Java applications, plus you'll neded to compile an Apache httpd module
and use that for protection of the application.
Other implementations of the "in-webserver" concept are
e.g. mod_mellon (libapache2-mod-auth-mellon in Debian/Ubuntu) or the
Shibboleth Service Provider (libapache2-mod-shib2 in Debian/Ubuntu).
https://github.com/UNINETT/mod_auth_mellon
http://shibboleth.net/products/service-provider.html
Shibboleth can be used with Apache httpd, MS-IIS and via FastCGI
(though Nginx support currently requires patches to Nginx).
So it all depends on your preferences (e.g. trying to integrate/ship
the SAML implementation as part of your application code vs. aiming
for maximum isolation of your appliaction from external APIs and
dependencies), deployment restrictions (web server software available;
possibility to install additional server-side system software) and
technical abilities.
-peter
Umar Draz
Jun 28, 2017, 12:26:20 AM6/28/17
to SimpleSAMLphp, peter....@univie.ac.at
Hi Peter
Thanks for this useful information.
Regards,
Reply all
Reply to author
Forward
0 new messages