Acasă Explorează Ajutor
Înregistrare Autentificare
github
/
spring-security-samples
oglindă de https://github.com/spring-projects/spring-security-samples
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: 58ba38449b
Ramuri Etichete
spring-security...
/
servlet
/
spring-boot
/
java
/
saml2
/
login
/
README.adoc

README.adoc 2.4 KB
Istoric Crud

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. = SAML 2.0 Login & Logout Sample
    2. 

  2. 

  3. This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
    4. 

  4. It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
    5. 

  5. 

  6. The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
    7. 

  7. module which is new in Spring Security 5.2.
    8. 

  8. 

  9. The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6.
    10. 

  10. 

  11. == Run the Sample
    12. 

  12. 

  13. === Install Docker
    14. 

  14. 

  15. This sample requires Docker to run a local IdP.
    16. 

  16. As an alternative, you can point the sample at your own IdP by changing the `application.yml` here:
    17. 

  17. 

  18. [source,java]
    19. 

  19. ----
    20. 

  20. spring:
    21. 

  21.   security:
    22. 

  22.     saml2:
    23. 

  23.       relyingparty:
    24. 

  24.         registration:
    25. 

  25.           one:
    26. 

  26.             assertingparty.metadata-uri: {your-idp-metadata-endpoint}
    27. 

  27. // ...
    28. 

  28.           two:
    29. 

  29.             assertingparty.metadata-uri: {your-idp-metadata-endpoint}
    30. 

  30. ----
    31. 

  31. 

  32. === Start up the Sample Boot Application
    33. 

  33. ```
    34. 

  34.  ./gradlew :servlet:spring-boot:java:saml2:login:bootRun
    35. 

  35. ```
    36. 

  36. 

  37. === Open a Browser
    38. 

  38. 

  39. http://localhost:8080/
    40. 

  40. 

  41. You will be redirected to the SimpleSAMLPHP instance.
    42. 

  42. 

  43. === Type in your credentials
    44. 

  44. 

  45. ```
    46. 

  46. User: user1
    47. 

  47. Password: user1pass
    48. 

  48. ```
    49. 

  49. 

  50. == Goals
    51. 

  51. 

  52. === SAML 2.0 Login
    53. 

  53. 

  54. `saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
    55. 

  55. 

  56. The following features are implemented in the MVP:
    57. 

  57. 

  58. 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
    59. 

  59. 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
    60. 

  60. 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
    61. 

  61. 4. Work against the SimpleSAMLPHP reference implementation
    62. 

  62. 

  63. === SAML 2.0 Single Logout
    64. 

  64. 

  65. `saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
    66. 

  66. 

  67. On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
    68. 

  68. 

  69. You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout.
    70. 

  70.