How to configuration of IDP metadata and SP metadata in Spring Security SAML sample?

Question

I want to deal with Spring Security SAML. For this, I start to explore Spring Security SAML. At the beginning, I create an account at SSOCircle. Than I configurated of IDP metadata and generation of SP metadata (4.2.2 and 4.2.3). At entityId I set:

 <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="entityId" value="http://idp.ssocircle.com"/>
        </bean>
    </constructor-arg>
 </bean>

When I start application, I have:

Error occurred:
Reason: Unable to do Single Sign On or Federation.

or

Error occurred:
Reason: Unable to get AuthnRequest.

How to configure Spring Security SAML?

Answer 1

Follow the steps in the QuickStart chapter. Some differences to note:

1. Sign up at http://www.ssocircle.com/. You need to verify your email address.

2. The metadataGeneratorFilter section of sample/src/main/webapp/WEB-INF/securityContext.xml should look like this (Note: signMetadata property is commented out):

   <bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
   <constructor-arg>
       <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
         <property name="entityId" value="urn:test:YourName:YourCity"/>
     <!--<property name="signMetadata" value="false"/>-->
       </bean>
   </constructor-arg>
   

3. Build and start the web server locally. Then download the metadata at http://localhost:8080/spring-security-saml2-sample/saml/metadata. Copy the contents to your clipboard.
4. Update the metadata of your new profile at https://idp.ssocircle.com/sso/hos/ManageSPMetadata.jsp.
5. Enter the FQDN of the service as "urn:test:YourName:YourCity". You need to enter unique values for Your Name and Your City. Paste in the metadata from above.
6. To Test:
   1. Logout of SSO Circle Service.
   2. Go to http://localhost:8080/spring-security-saml2-sample
   3. You should be redirected to the SSO Circle login.
   4. Login with your SSO Circle credentials.
   5. You should be redirected to your local service provider page and authenticated.

Answer 2

The metadata generator filter generates metadata for your application (service provider). The entity id you're providing (http://idp.ssocircle.com) is already used by the SSO Circle, you should create a unique value which describes your application, e.g. urn:test:helsinki:myapp

Just like the manual says:

make sure to replace the entityId value with a string which is unique within the SSO Circle service (e.g. urn:test:yourname:yourcity)