It is I, SAML. Ana Mandić Development Lead @ Five Minutes Ltd



Similar documents
SAML Single-Sign-On (SSO)

Spring Security SAML module

Open Source Identity Integration with OpenSSO

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

IBM WebSphere Application Server

Using SAML for Single Sign-On in the SOA Software Platform

Standalone SAML Attribute Authority With Shibboleth

SAML SSO Configuration

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

SAML Security Option White Paper

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

OpenLogin: PTA, SAML, and OAuth/OpenID

How to create a SP and a IDP which are visible across tenant space via Config files in IS

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Secure the Web: OpenSSO

OpenSSO: Cross Domain Single Sign On

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Software Design Document SAMLv2 IDP Proxying

An Oracle White Paper August Oracle OpenSSO Fedlet

Web Access Management and Single Sign-On

Integration of Shibboleth and (Web) Applications

This section includes troubleshooting topics about single sign-on (SSO) issues.

MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard

Getting Started with Single Sign-On

Single Sign-On Implementation Guide

Integrating Apex into Federated Environment using SAML 2.0. Jon Tupman Portalsoft Solutions Ltd

IBM Tivoli Federated Identity Manager V6.2.2 Implementation. Version: Demo. Page <<1/10>>

Spring Security SAML Extension

Web Single Sign-On Authentication using SAML

Get Success in Passing Your Certification Exam at first attempt!

Flexible Identity Federation

IAM Application Integration Guide

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide

The Role of Federation in Identity Management

Keeping access control while moving to the cloud. Presented by Zdenek Nejedly Computing & Communications Services University of Guelph

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

Single Sign on Using SAML

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

Keycloak SAML Client Adapter Reference Guide

Copyright: WhosOnLocation Limited

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

BMC Software Webinars 2013 Atrium Single Sign On (Atrium SSO)

SAML-Based SSO Solution

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

HP Software as a Service

SAML and OAUTH comparison

Configuring SAML2 for Single Sign-On to Smartsheet (Enterprise Only)

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

Shibboleth N-Tier Support. Chad La Joie

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

esoc SSA DC-I Part 1 - Single Sign-On and Access Management ICD

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Egnyte Single Sign-On (SSO) Installation for OneLogin

HP Software as a Service. Federated SSO Guide

National Identity Exchange Federation. Web Browser User-to-System Profile. Version 1.0

Logout in Single Sign-on Systems

Feide Technical Guide. Technical details for integrating a service into Feide

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

VETUMA SAML SAMPLE MESSAGES

Security Assertion Markup Language (SAML)

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

Spring Security SAML Extension

Introduction to SAML

Java Integration Kit. Version User Guide

Разработка программного обеспечения промежуточного слоя. TERENA BASNET Workshop, November 2009 Joost van Dijk - SURFnet

Setting Up Federated Identity with IBM SmartCloud

Configuring SAML2 for Single Sign-On to Smartsheet (Enterprise Only)

OpenAM. 1 open source 1 community experience distilled. Single Sign-On (SSO) tool for securing your web. applications in a fast and easy way

Web Applications and Struts 2

PicketLink Federation User Guide 1.0.0

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Get Cloud Ready: Secure Access to Google Apps and Other SaaS Applications

Single Sign On Integration Guide. Document version:

SAML Authentication within Secret Server

Agenda. How to configure

Programming on the Web(CSC309F) Tutorial: Servlets && Tomcat TA:Wael Aboelsaadat

Gabriel Magariño. Software Engineer. Overview Revisited

SAP Cloud Identity Service Document Version: SAP Cloud Identity Service

Getting Started with AD/LDAP SSO

Federal Identity, Credential, and Access Management Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile

SAML-Based SSO Solution

Kantara egov and SAML2int comparison

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Copyright Pivotal Software Inc, of 10

How To Configure The Jasig Casa Single Sign On On A Workstation On Ahtml.Org On A Server On A Microsoft Server On An Ubuntu (Windows) On A Linux Computer On A Raspberry V

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

SAML Authentication Quick Start Guide

Perceptive Experience Single Sign-On Solutions

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Biometric Single Sign-on using SAML Architecture & Design Strategies

Transcription:

It is I, SAML Ana Mandić Development Lead @ Five Minutes Ltd

About Five Minutes We design and develop top notch mobile apps for leading mobile platforms 50 full-time employees Offices in Zagreb, Osijek and New York Privately owned, founded in 2007. Platforms we master:

SAML SAML - Security Assertion Markup Language SAML addresses the web browser single sign-on (SSO) problem IdP Identity provider SP Service provider OpenID protocol

The SAML Use Case

OpenAM OpenAM is an open source access management, entitlements and federation server platform History: OpenSSO - announced by Sun Microsystems in July 2005 In February 2010 Oracle completed their acquisition of Sun Microsystems and shortly thereafter removed OpenSSO ForgeRock announced in February 2010 that they would continue to develop and support OpenSSO and renamed the product OpenAM

Fedlet Fedlet is a small web application that can do federation in your service provider application with OpenAM acting as the identity provider Redirects to OpenAM for single sign on and retrieves SAML assertions Three ways of integration with Java Web Applications

Structure of Fedlet zip conf/ - folder with configuration files which needs to be copied on your server and added to classpath fedlet.war saml2/jsp/ - JSPs to initiate single sign on and single logout, to handle error and for obtaining Fedlet metadata /WEB-INF/classes/ - set of properties files /WEB-INF/lib/ - opensso-sharedlib.jar, openfedlib.jar

Fedlet integration Steps to include Fedlet inside your own application: include content from folders: classes, lib and saml2/jsp map saml2 servlets defined in jsps create SAMLAssertionLandingServlet

Example of web.xml <servlet> <servlet-name>samlassertionlandingservlet</servlet-name> <servlet-class> eu.fiveminutes.web.servlets.web_samlassertionlandingservlet </servlet-class> </servlet> <servlet> <servlet-name>fedletsloinit</servlet-name> <jsp-file>/jsp/saml2/spsinglelogoutinit.jsp</jsp-file> </servlet> <servlet> <servlet-name>fedletlogout</servlet-name> <jsp-file>/jsp/saml2/logout.jsp</jsp-file> </servlet>

Example of SAML response <samlp:response Version="2.0"> <samlp:status> <samlp:statuscode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </samlp:status> <saml:assertion> <saml:attributestatement> <saml:attribute Name="id"> <saml:attributevalue xsi:type="xs:string">123</saml:attributevalue> </saml:attribute> </saml:attributestatement> </saml:assertion> </samlp:response>

Reading SAML response There is a single object within the Fedlet API that the Service Provider must use to consume the SAML Assertion and retrieve the attributes from it. Class - com.sun.identity.saml2.profile.spacsutils Method java.util.map processresponseforfedlet(httpservletrequest request, HttpServletResponse response) com.sun.identity.saml2.common.saml2constants

Configuration files FederationConfig.properties fedlet.cot idp.xml idp-extended.xml sp.xml sp-extended.xml

Spring Security SAML Extension The component enables both new and existing applications to act as a Service Provider in federations based on SAML 2.0 protocol and enable Web Single Sign-On. Easy for integration with existing Spring Security in the project by adding custom SAML filter in SpringSecurityFilterChain. SAML configuration files: idp.xml sp.xml

Spring Security configuration Base package org.springframework.security.saml Beans samlfilter - org.springframework.security.web.filterchainproxy samlentrypoint - org.springframework.security.saml.samlentrypoint samlwebssoprocessingfilter - org.springframework.security.saml.samlprocessingfilter

Spring Security configuration samllogoutfilter - org.springframework.security.saml.samllogoutfilter samllogoutprocessingfilter - org.springframework.security.saml.samllogoutprocessing Filter metadata - org.springframework.security.saml.metadata.cachingmeta datamanager samlauthenticationprovider - org.springframework.security.saml.samlauthenticationpr ovider

Spring Security configuration processor - org.springframework.security.saml.processor.samlprocess orimpl beans for bindings, encoders and decoders used for creating and parsing messages

User details Configuration for SAMLAuthenticationProvider defines bean that can be used to load user data after SSO Custom class which implements SAMLUserDetailsService and overrides method loaduserbysaml(final SAMLCredential credential)

Load Balancer SAML Extension 1.0.0.RC2 implements SAMLContextProviderLB Older versions use server instance name which can create a problem in SAML response validation

References OpenSSO and OpenAM Spring Security http://openam.forgerock.org/openamdocumentation/openam-doc-source/doc/devguide/index.html#chap-fedlet-java http://static.springsource.org/springsecurity/site/extensions/saml/index.html

Thank you

Contact Ana Mandić Five Minutes Ltd, Development Lead gsm +385 99 5022 256 mail skype twitter web ana.mandic@fiveminutes.eu ana.mandic @tanandaaa http://www.fiveminutes.eu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information