|
1 | 1 | # OneLogin's SAML Java SAML |
2 | 2 |
|
3 | | -Updating from 1.0-SNAPSHOT to 1.1.2 |
4 | | ---------------------------------- |
| 3 | +Candidate version 2.0.0 |
5 | 4 |
|
6 | | -Version 1.1.2 adds many improvements on security. It is a recommended update for all Java SAML users. |
7 | | - |
8 | | - |
9 | | -Overview |
10 | | --------- |
11 | | - |
12 | | -The Java SAML library is for implementing the client side of a SAML authorization, i.e. it provides a means for managing authorization initialization and confirmation requests from identity providers. |
13 | | - |
14 | | -SAML authorization is a two step process and you are expected to implement support for both. |
15 | | - |
16 | | -We created a example project that uses the latest version of this library to show how Java Toolkit works. |
17 | | - |
18 | | -Project Structure |
19 | | ------------------ |
20 | | - |
21 | | -The src/main/java/ folder contains the files you'll copy into your Java application. You can also build the project by running `mvn package` and copy the |
22 | | -resulting jar into your project instead of relying on the source code directly. Note also that Apache Commons Codec is a dependency. |
23 | | - |
24 | | -The sample/ folder has a minimal webapp which depends on the core code inside com/ folder and the files index.jsp and consume.jsp inside webapp-folder. |
25 | | -index.jsp and consume.jsp are the ones that actually handle the SAML conversation. Dependencies are configured in the pom.xml file. |
26 | | - |
27 | | -SAML Overview for project |
28 | | -------------------------- |
29 | | - |
30 | | -The index.jsp file acts as an initiater for the SAML conversation, if it should be initiated by the application. |
31 | | - |
32 | | -This is called Service Provider Initiated SAML. The service provider creates a SAML Authentication Request and sends it to the identity provider (IdP), |
33 | | -We authenticate at the IdP and then a Response is sent to the Consumer Service Url configured on index.jsp. |
34 | | - |
35 | | -In order to know where to redirect the user with the authentication request, we need to establish the user's identity provider affinity. |
36 | | -This depends on your application. In this example, those validations are provided by consume.jsp, which is meant as a stub for you customization. |
37 | | - |
38 | | -Running the sample |
39 | | ------------------- |
40 | | - |
41 | | -First install the core code into your local Maven repository with: |
42 | | - |
43 | | - mvn install |
44 | | - |
45 | | -You can now run the web app sample which depends on this code: |
46 | | - |
47 | | - cd sample |
48 | | - mvn jetty:run |
49 | | - |
50 | | - |
51 | | -What needs to be configured |
52 | | ----------------------------- |
53 | | - |
54 | | -In the example above, SAML settings are divided into two parts, the application specific (`const_assertion_consumer_service_url`, `const_issuer`, `const_name_identifier_format`) |
55 | | -and the user/account specific (`idp_sso_target_url`, `x509certificate`). You'll need to add your own code here to identify the user or user origin (e.g. by subdomain, ip_address etc.). |
56 | | - |
57 | | -The following information needs to be available on the account: |
58 | | - |
59 | | -`appSettings.setAssertionConsumerServiceUrl`: The URL at which the SAML assertion should be received. |
60 | | - |
61 | | -`appSettings.setIssuer`: The name of your application. Some identity providers might need this to establish the identity of the service provider requesting the login. |
62 | | - |
63 | | -`accSettings.setIdpSsoTargetUrl`: The URL to which the authentication request should be sent. This would be on the identity provider. |
64 | | - |
65 | | -`accountSettings.setCertificate`: The x509 certificate fingerprint. This is provided from the identity provider when setting up the relationship, for this version the certificate must be 1024-bit. |
66 | | - |
67 | | -The following information needs to be available for the response: |
68 | | - |
69 | | -`response.loadXmlFromBase64`: The coded SAML Response on string format |
70 | | -`response.setDestinationUrl`: The URL of the current host + current view |
71 | | - |
72 | | -In OneLogin, for this sample project, you'll want to set the SAML Consumer URL to "http://localhost:8080" and the SAML Audience and SAML Recipient to "http://localhost:8080/consume.jsp" |
| 5 | +Under development (Don't use it in production) |
0 commit comments