micro services authentication using SAML and Identity Provider

偶尔善良 submitted on 2019-12-11 11:44:14

Question


We are working on the development of micro services for our domain.

We have a requirement to secure the micro services using SAML.

I read through the SAML docs and see that there would be an Identity Provider to which we have to register our application (SP), and also we should connect to the IdP for authentication. I understand that we need to establish a circle of trust or federation between them.

I tried using the Spring Security SAML extension and SSOCircle.com as IdP for authentication using the sample application provided. I was able to successfully authenticate accordingly.

My question is, in a micro services architecture, we have multiple services. Since it is not a monolith, we cannot just add one service as an SP to the IdP.

That means every micro service I have, say employee, department, sales, etc., should also be added as a separate SP application in the IdP.

I am not sure if that makes sense or is actually possible to do.

If anyone has worked on a similar architecture/development, can you please provide your thoughts on the best way to approach the security of micro services from the point of authentication?

Thanks, bstechie


Answer 1:


Two ways to do this:

  1. As you said, configure each micro-service as an SP, and each SP talks to the IdP for SAML authentication.
    • This is suitable if each micro-service has a different set of users, groups and roles than the others.
    • There could be multiple SPs, which the admin needs to maintain.
  2. Consolidate and configure all micro-services as a single SP at your domain (maybe use a Reverse Proxy Web-Server or Access Manager), and that single SP talks to the IdP for SAML authentication.
    • This is suitable if all micro-services have the same set of users, groups and roles.
    • There could be only a single SP that the admin needs to maintain.
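
With the second option, the services behind the single SP still need a way to tell that a forwarded identity really came from that SP. The following is an added example, not part of the original answer: it assumes the gateway passes the SAML-authenticated user to each service in an HMAC-signed header, and the key, function names and header format are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumption: one secret shared by the gateway (the single SP) and the services.
GATEWAY_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 300  # seconds a forwarded identity stays valid

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest())

def gateway_issue(user: str, roles: list, now: float = None) -> str:
    """Gateway side: call only after the IdP's SAML assertion was validated."""
    issued = int(time.time() if now is None else now)
    claims = {"sub": user, "roles": roles, "iat": issued}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

def service_verify(header: str, required_role: str, now: float = None):
    """Microservice side: return the claims, or None if the request is rejected."""
    try:
        body, sig = header.split(".")
        # Constant-time comparison; a mismatch means the header was not
        # produced by the gateway or was altered on the way.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None  # malformed or missing header
    now = time.time() if now is None else now
    if not 0 <= now - claims["iat"] <= MAX_AGE:
        return None  # stale or future-dated identity
    if required_role not in claims["roles"]:
        return None  # authenticated, but not authorised for this service
    return claims

if __name__ == "__main__":
    hdr = gateway_issue("alice", ["employee"])          # constructed sample user
    print("employee service:", service_verify(hdr, "employee"))
    print("sales service:   ", service_verify(hdr, "sales"))
```

Services should also be reachable only through the gateway at the network level, so the signed header is a second check rather than the only one.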


Source: https://stackoverflow.com/questions/37966557/micro-services-authentication-using-saml-and-identity-provider
