Skip to content

SAML Identity Provider and Service Provider implementation using Spring Security

Notifications You must be signed in to change notification settings

alokkusingh/saml

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status GitHub issues GitHub issues closed

SAML - Identity Provider and Service Provider Services

Meta Data

IdP and SPS both the services provide SAML meta data interface to negotiate the service.

1. IdP Meta Data API

This meta data API can be integrated with SPS to get service negotiation.

http://localhost:8081/alok-idp/saml/idp/metadata

2. SPS Meta Data API

This meta data API can be integrated with IdP to get service negotiation.

http://localhost:8082/hello-sp/saml/sp/metadata

Supported SAML Flows

1. SPS Flow

SAML authentication initiated by IdP.

  • SPS - SPS sends SAML Request to IdP
  • IdP authenticate the user and responds with SAML Response

Usecase:

  • TBD

2. IdP Flow

SAML authentication initiated by SPS.

  • IdP - IdP directly sends SAML Response to SPS. No SAML Request generated.

Usecase:

  • Signle Sign-on - if we want to embed a secure web page provided by guest application (will act as SPS service) as iFrame to the web page provided by host application (will act as IdP service). The Guest server validates the user credentials as part of login process and the same time generates SAML Response for guest application. When loading guest application web page to the Web page (as iFrame) the SAML Reponse shall be sent to guest application. Guest application shall use SAML Response to Authenticate/Authorize user without asking additinal credentials from user. Seamless single sign-on takes place.

IdP and SPS RSA Keys and Certificate

Both the services sign and encrypt Metadata/SAML Request/SAML Response.

1. IdP RSA Private Key and Cert Generation

1.1 Generate Private Key and CSR Request

openssl req -new -newkey rsa:4096 -nodes -keyout IdP_pkcs8.key -out IdP.csr

Note: no pwd

1.2 To pkcs1

openssl rsa -in IdP_pkcs8.key -out IdP_pkcs1.key

1.3 Sign Certificate

openssl x509 -req -CA rootCA_Alok.crt -CAkey rootCA_Alok.key -in IdP.csr -out IdP.crt -days 365 -CAcreateserial

2. SPS RSA Private Key and Cert Generation

2.1 Generate Private Key and CSR Request

openssl req -new -newkey rsa:4096 -nodes -keyout saml_spcs_pkcs8.key -out saml_spcs.csr

Note: no pwd

2.2 To pkcs1

openssl rsa -in saml_spcs_pkcs8.key -out saml_spcs_pkcs1.key

2.3 Sign Certificate

openssl x509 -req -CA rootCA_Alok.crt -CAkey rootCA_Alok.key -in saml_spcs.csr -out saml_spcs.crt -days 365 -CAcreateserial