Question
All, here is my requirement.
We have a current Java web application that implements basic security on the Spring Security framework. When a user comes to our app, we own the login page, we store the user credentials, and the Spring framework calls our customer user provider to get all the user details.
Now, we have a need to talk to another web application hosted in a different domain. But the new application is SAML compliant and is ready to authenticate users based on SAML tokens.
Based on the research I have done so far, it looks like we need to implement a 3rd-party Identity Provider s/w like OpenAM, OpenSSO, etc., move our current Spring-based authentication module to the new IDP s/w, and then integrate with other apps for SAML transport.
Instead, I am wondering if there is a simple way to make my app the Identity Provider and pass the SAML directly from our app, instead of depending on 3rd-party IDP s/w.
The Spring Security SAML Extension appeared to do that work and I was excited. But, reading more details, I see that even the Spring SAML Extension needs external IDP software to do its job.
The question: has anyone used the Spring SAML Extension without an external IDP s/w? Are there any other ways to achieve my above requirement?
Answer 1:
Spring SAML Extension is only enabling SAML 2.0 Service Provider capabilities.
You could integrate Shibboleth into your existing application. Shibboleth is an IDP solution; it is also Java-based and uses Spring extensively. Despite this, such integration is non-trivial.
You'll probably save a lot of time by implementing one of the standalone Identity Providers (e.g. OpenAM, Shibboleth, JOSSO) and converting your existing application to support SAML SP (which will enable you to connect to your newly created IDP).
Source: https://stackoverflow.com/questions/24071967/how-to-use-spring-saml-extension-to-make-our-webapp-as-an-identity-provider