Inicio Explorar Ayuda
Registro Iniciar sesión
github
/
spring-security-samples
espejo de https://github.com/spring-projects/spring-security-samples
2
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: 66bbb8ec79
Ramas Etiquetas
spring-security...
/
servlet
/
spring-boot
/
java
/
saml2
/
refreshable-metadata
/
README.adoc

README.adoc 2.3 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. = SAML 2.0 Refreshable Metadata
    2. 

  2. 

  3. This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
    4. 

  4. It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.
    5. 

  5. 

  6. The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
    7. 

  7. module which is new in Spring Security 5.2.
    8. 

  8. 

  9. The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6.
    10. 

  10. 

  11. == Goals
    12. 

  12. 

  13. === SAML 2.0 Login
    14. 

  14. 

  15. `saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
    16. 

  16. 

  17. The following features are implemented in the MVP:
    18. 

  18. 

  19. 1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
    20. 

  20. 2. Send a SAML 2.0 AuthNRequest to an Identity Provider
    21. 

  21. 3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
    22. 

  22. 4. Work against the Okta SAML 2.0 IDP reference implementation
    23. 

  23. 

  24. === SAML 2.0 Single Logout
    25. 

  25. 

  26. `saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
    27. 

  27. 

  28. On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.
    29. 

  29. 

  30. You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout.
    31. 

  31. 

  32. === Refreshable Asserting Party Metadata
    33. 

  33. 

  34. The application uses a custom implementation of `RelyingPartyRegistrationRepository` to achieve Asserting Party Metadata refresh feature.
    35. 

  35. This particular implementation uses a `@Scheduled` annotation to update its metadata every 30 minutes.
    36. 

  36. 

  37. == Run the Sample
    38. 

  38. 

  39. === Start up the Sample Boot Application
    40. 

  40. ```
    41. 

  41.  ./gradlew :servlet:spring-boot:java:saml2:refreshable-metadata:bootRun
    42. 

  42. ```
    43. 

  43. 

  44. === Open a Browser
    45. 

  45. 

  46. http://localhost:8080/
    47. 

  47. 

  48. You will be redirect to the Okta SAML 2.0 IDP
    49. 

  49. 

  50. === Type in your credentials
    51. 

  51. 

  52. ```
    53. 

  53. User: testuser2@spring.security.saml
    54. 

  54. Password: 12345678
    55. 

  55. ```
    56. 

  56. 

  57. 

  58.