Spring Boot makes it easy to create Spring-powered, production-grade applications and services with absolute minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need.
Spring SAML Extension allows seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate, Okta) can be used to connect with Spring SAML Extension.
This project represents a sample implementation of a SAML 2.0 Service Provider, completely built on Spring Framework. In particular, it shows how to develop a web solution devised for Federated Authentication, by integrating Spring Boot and Spring Security SAML. The configuration has been completely defined using Java annotations (no XML).
SSOCircle (ssocircle.com) is used as a public Identity Provider for testing purposes.
- Author: Vincenzo De Notaris
- Website: www.vdenotaris.com
- Version: 1.6.0.RELEASE
- Last update: June 25th, 2017
Thanks to Vladimír Schäfer (github.com/vschafer) for supporting my work.
I would like to say thank you to Alexey Syrtsev (github.com/airleks) for his contribution to the unit tests.
Metric | Result |
---|---|
Coverage % | 99% |
Lines Covered | 196 |
Total Lines | 199 |
- The certificate on https://idp.ssocircle.com/ seems to change on a fairly regular basis. This results in the following exception:

  ```
  javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: null
  ```

  To update the certificates in the keystore, run the following commands:

  ```
  cd src/main/resources/saml/
  ./update-certifcate.sh
  ```
- Sometimes SSO Circle may display an error during the authentication process. In this case, please update your federation metadata directly on https://idp.ssocircle.com:

  Manage Metadata > Service Provider Metadata

  Remove the current record and add a new one, using your FQDN and providing a new copy of your metadata, which you can retrieve at http://localhost:8080/saml/metadata.
- When the project version corresponds with the Spring Boot parent version, Maven may give you the following warning:

  `Version is duplicate of parent version.`

  There is nothing wrong with the configuration used, so you can ignore that message.
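
Before running the certificate update from the first item above, it is worth checking that the certificate the IdP now presents is the one you expect, rather than trusting whatever the connection returns. The following is an added example, not part of the project, and it does not reproduce what `update-certifcate.sh` does; `EXPECTED_FP` is a placeholder for a SHA-256 fingerprint obtained out of band.

```shell
#!/bin/sh
# Added example (not part of the project): pin-check an IdP TLS certificate
# before it is imported into a trust store.

# Print the SHA-256 fingerprint of a PEM certificate as uppercase hex, no colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Normalise a fingerprint typed or pasted by an operator (colons, spaces, case).
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if certificate file $1 has the expected fingerprint $2.
# An unreadable or non-certificate file yields an empty fingerprint and fails.
cert_matches_pin() {
    actual=$(cert_sha256 "$1")
    expected=$(normalise_fp "$2")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Save the leaf certificate that host $1, port $2 presents into file $3.
# Needs network access.
fetch_presented_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Typical use (EXPECTED_FP is a placeholder for a value obtained out of band):
#   fetch_presented_cert idp.ssocircle.com 443 /tmp/idp.pem
#   cert_matches_pin /tmp/idp.pem "$EXPECTED_FP" && ./update-certifcate.sh
```

If the check fails, stop and confirm the new fingerprint with the IdP operator before changing the keystore.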
Copyright 2017 Vincenzo De Notaris
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.