Question
We are working on the development of microservices for our domain.
We have a requirement to secure the microservices using SAML.
I read through the SAML docs and see that there would be an Identity Provider (IdP) with which we have to register our application (the SP), and that we should connect to the IdP for authentication. I understand that we need to establish a circle of trust, or federation, between them.
I tried the Spring Security SAML extension with SSOCircle.com as the IdP, using the sample application provided, and was able to authenticate successfully.
My question is: in a microservices architecture we have multiple services. Since it is not monolithic, we cannot just add one service as an SP to the IdP.
That means every microservice I have, say employee, department, sales, etc., would also have to be added as a separate SP application in the IdP.
I am not sure whether that makes sense or is actually possible.
If anyone has worked on a similar architecture, could you please share your thoughts on the best way to approach the security of microservices from the point of view of authentication?
Thanks, bstechie
Answer 1:
Two ways to do this:
- As you said, configure each microservice as an SP, and have each SP talk to the IdP for SAML authentication.
  - This is suitable if each microservice has a different set of users, groups and roles from the others.
  - There will be multiple SPs that the admin needs to maintain.
- Consolidate and configure all microservices behind a single SP at your domain (for example, using a reverse-proxy web server or an access manager), and have that single SP talk to the IdP for SAML authentication.
  - This is suitable if all microservices have the same set of users, groups and roles.
  - There will be only a single SP that the admin needs to maintain.
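The second option leaves one question open: once the reverse proxy (the single SP) has authenticated the user with the IdP, how do the individual microservices learn who is calling without each becoming a SAML SP themselves? The following is an added example, not code from the answer above or from Spring Security SAML. It assumes the SP library at the gateway has already verified the IdP's signed assertion and produced a principal (NameID plus a group attribute); the gateway then mints a short-lived HMAC-signed token bound to one target service and passes it upstream in a header, and each microservice verifies that token and applies its own group check. The header name `X-Internal-Identity`, the shared secret, the claim names and the sample principal are all assumptions made for the example.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Shared secret between the gateway and the internal services. In a real
# deployment it would come from a secret store; a static value is assumed here.
GATEWAY_SECRET = b"example-gateway-secret-rotate-me"
INTERNAL_TTL_SECONDS = 300


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_internal_token(principal: dict, audience: str, secret: bytes = GATEWAY_SECRET,
                         now: int | None = None, ttl: int = INTERNAL_TTL_SECONDS) -> str:
    """Gateway side. `principal` is what the SAML SP library produced after
    verifying the IdP's signed assertion. The token is bound to one service
    (`aud`) so a token captured at one service cannot be replayed to another."""
    now = int(time.time()) if now is None else now
    claims = {
        "iss": "gateway",
        "sub": principal["name_id"],
        "groups": sorted(principal.get("groups", [])),
        "aud": audience,
        "iat": now,
        "exp": now + ttl,
    }
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_internal_token(token: str, audience: str, secret: bytes = GATEWAY_SECRET,
                          now: int | None = None) -> dict | None:
    """Service side. Returns the claims only if the signature is valid, the
    issuer and audience match, and the token has not expired; else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    try:
        expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
        # Check the MAC before parsing anything, using a constant-time compare.
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeError):
        return None
    if claims.get("iss") != "gateway" or claims.get("aud") != audience:
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims


def forward_headers(principal: dict, service: str, now: int | None = None) -> dict:
    """What the reverse proxy attaches to the upstream request for `service`."""
    return {"X-Internal-Identity": issue_internal_token(principal, service, now=now)}


def service_authorize(service: str, headers: dict, required_group: str,
                      now: int | None = None) -> tuple[int, str]:
    """A microservice's check: authenticate via the gateway token, then apply
    its own group-based authorization. Returns an HTTP-style status and reason."""
    token = headers.get("X-Internal-Identity")
    if token is None:
        return 401, "no gateway identity"
    claims = verify_internal_token(token, service, now=now)
    if claims is None:
        return 401, "invalid gateway identity"
    if required_group not in claims.get("groups", []):
        return 403, f"{claims['sub']} not in {required_group}"
    return 200, f"ok: {claims['sub']}"


# Constructed sample principal, shaped like what a SAML SP library hands over.
SAMPLE_PRINCIPAL = {"name_id": "alice@example.com", "groups": ["staff", "sales-read"]}

if __name__ == "__main__":
    hdrs = forward_headers(SAMPLE_PRINCIPAL, "sales", now=1_000)
    print(service_authorize("sales", hdrs, "sales-read", now=1_100))   # accepted
    print(service_authorize("employee", hdrs, "staff", now=1_100))    # wrong audience, rejected
```

The important property is that the services never see the SAML assertion at all: only the gateway holds the SP key material and IdP metadata, which is exactly why the answer's second option needs just one SP registration. The services must, in turn, only be reachable through the gateway (network policy or mTLS), since anyone who can reach them directly and knows the shared secret could forge the header.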
Source: https://stackoverflow.com/questions/37966557/micro-services-authentication-using-saml-and-identity-provider