|
|
@@ -1,51 +1,13 @@
|
|
|
-= SAML 2.0 Login & Logout Sample
|
|
|
+= A Sample Identity Provider
|
|
|
|
|
|
-This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
|
|
|
-It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
|
|
|
+This sample by default uses Docker to stand up two sample IdPs, each with one asserting party and multiple relying parties registered.
|
|
|
+This allows you to explore different arrangements between multiple relying parties and asserting parties.
|
|
|
|
|
|
-The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
|
|
|
-module which is new in Spring Security 5.2.
|
|
|
+To ensure that there are no issues with sharing cookies between the Identity Provider and Service Provider applications, the application uses `nip.io` hostnames.
|
|
|
+The first identity provider can be reached by navigating to `http://idp-one.7f000001.nip.io`.
|
|
|
+The second identity provider can be reached by navigating to `http://idp-two.7f000001.nip.io`.
|
|
|
|
|
|
-The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6.
|
|
|
-
|
|
|
-== Goals
|
|
|
-
|
|
|
-=== SAML 2.0 Login
|
|
|
-
|
|
|
-`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
|
|
-
|
|
|
-The following features are implemented in the MVP:
|
|
|
-
|
|
|
-1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
|
|
|
-2. Send a SAML 2.0 AuthNRequest to an Identity Provider
|
|
|
-3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
|
|
|
-4. Work against the Okta SAML 2.0 IDP reference implementation
|
|
|
-
|
|
|
-=== SAML 2.0 Single Logout
|
|
|
-
|
|
|
-`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
|
|
|
-
|
|
|
-On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
|
|
|
-
|
|
|
-You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout.
|
|
|
-
|
|
|
-== Run the Sample
|
|
|
-
|
|
|
-=== Start up the Sample Boot Application
|
|
|
-```
|
|
|
- ./gradlew :servlet:spring-boot:java:saml2:login:bootRun
|
|
|
-```
|
|
|
-
|
|
|
-=== Open a Browser
|
|
|
-
|
|
|
-http://localhost:8080/
|
|
|
-
|
|
|
-You will be redirect to the Okta SAML 2.0 IDP
|
|
|
-
|
|
|
-=== Type in your credentials
|
|
|
-
|
|
|
-```
|
|
|
-User: testuser2@spring.security.saml
|
|
|
-Password: 12345678
|
|
|
-```
|
|
|
+To change how the IdP is configured, you can go to the sibling `identity-provider` project and edit the following files:
|
|
|
|
|
|
+* `one-relyingparties.php` - the list of relying parties that `idp-one` knows about
|
|
|
+* `two-relyingparties.php` - the list of relying parties that `idp-two` knows about
|
Josh Cummings