====================
This project expands upon the sample Spring Boot SAML project made by Vincenzo De Notaris with customizations required for deployment in a PULSE environment.
```shell
$ git clone https://github.com/pulse-admin/saml-service-provider.git
$ cd saml-service-provider
$ cp src/main/resources/application.properties.template src/main/resources/application.properties
$ # change entityId & keyLocation to appropriate values
$ nano src/main/resources/application.properties
$ cp src/test/resources/environment.test.properties.template src/test/resources/environment.test.properties
$ # change keyLocation to appropriate value
$ nano src/test/resources/environment.test.properties
```

`./gradlew bootRun` will compile, build, and run the application, by default on http://localhost:8080.
This project depends on the PULSE Authentication Module for JWT authoring & consuming. That project must be compiled and installed before this project will compile.
====================
Spring Boot makes it easy to create Spring-powered, production-grade applications and services with absolute minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need.
Spring SAML Extension allows seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate, Okta) can be used to connect with Spring SAML Extension.
Currently the Spring Security SAML module doesn't provide a starter for Spring Boot. Moreover, its configuration is XML-based as of this writing. The aim of this project is to explain how to develop a Service Provider (SP) which uses Spring Boot (1.3.0.RELEASE) and Spring Security SAML Extension (1.0.1.RELEASE), by defining an annotation-based configuration (Java Configuration). Thymeleaf is also used as the template engine.
SSOCircle (ssocircle.com) is used as a public Identity Provider for test purposes.
- Author: Vincenzo De Notaris (dev@vdenotaris.com)
- Website: vdenotaris.com
- Version: 1.2.1.RELEASE
Thanks to Vladimír Schäfer (github.com/vschafer) for supporting my work.
I would like to say thank you to Alexey Syrtsev (github.com/airleks) for his contribution on unit tests.
| Metric | Result |
|---|---|
| Coverage % | 99% |
| Lines Covered | 196 |
| Total Lines | 199 |
- Make sure the following lines are in the `application.properties` of SSP, Broker, Mock, and Service (the password must be the one you give `keytool` below, and `keyAlias` must match the `-alias` you generate):

```
server.ssl.key-store: src/main/resources/keystore.p12
server.ssl.key-store-password: YOUR PASSWORD HERE
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
```

  Note that `src/main/resources/keystore.p12` is resolved as a filesystem path relative to the working directory, so it only works when each service is started from its project root (as `./gradlew bootRun` does). The file holds the server's private key: keep it out of version control.
- Make sure all URLs in the `application.properties` files are prefixed with `https` and not `http`.
- Open Git Bash as Administrator and `cd` into `saml-service-provider/src/main/resources/`.
- Generate a self-signed certificate:
  - Execute: `keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 365`
  - Enter password: `YOUR PASSWORD HERE` (this becomes `server.ssl.key-store-password`).
  - The first question will be "What is your first and last name?" Enter: `localhost`. This value becomes the certificate's CN, which is what Java's hostname verification falls back to when the certificate carries no Subject Alternative Name, so it must match the host in your `https://` URLs.
  - Answer the next few questions; the answers don't matter.
- Import the self-signed certificate into the JVM's trust store:
  - Execute: `keytool -exportcert -keystore keystore.p12 -storepass YOUR PASSWORD HERE -storetype PKCS12 -alias tomcat -file server.cer`
  - Execute: `keytool -importcert -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass NEW PASSWORD HERE -alias tomcat -file server.cer`. Here `NEW PASSWORD HERE` is the password of the JVM's own `cacerts` store, not your keystore password; the JDK ships it as `changeit`. The `jre/lib/security/cacerts` path applies to JDK 8; on JDK 9 and later the file lives at `$JAVA_HOME/lib/security/cacerts`.
  - If the alias already exists, execute `keytool -delete -alias tomcat -keystore $JAVA_HOME/jre/lib/security/cacerts` and then re-run the import.
  - Type `yes` when it asks if you want to trust this certificate.
  - Be aware that this makes every Java process using that JDK trust the self-signed certificate, not just the PULSE services. For a development box that is acceptable; on any shared or production machine prefer a dedicated trust store passed via `-Djavax.net.ssl.trustStore`.
- Copy the `keystore.p12` file from the current directory to the `src/main/resources/` directory of Mock, Broker, and Service.
- Re-run SSP, Broker, Mock and Service.
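The steps above, done non-interactively and against a project-local trust store instead of the JVM's global `cacerts`, as an added example (this script is not part of the PULSE project and is not the procedure the project documents). It assumes the same `tomcat` alias, uses a placeholder password supplied through `PASS`, adds a Subject Alternative Name so the certificate also validates under SAN-based hostname checks, and replaces an existing alias instead of failing on it. The `-Djavax.net.ssl.trustStore` property printed at the end is how a JVM is pointed at that dedicated store.

```shell
#!/usr/bin/env sh
# Added example, not PULSE project code: build the server keystore and a
# dedicated trust store, then verify they hold the same certificate.
# Alias, password and file names are assumptions for illustration.
set -eu

ALIAS="${ALIAS:-tomcat}"
PASS="${PASS:-changeit-local}"   # placeholder; must equal server.ssl.key-store-password

# Generate keystore.p12 with a 2048-bit RSA key. -dname replaces the
# interactive questions; the SAN extension covers verifiers that ignore CN.
make_keystore() {
  dir="$1"
  keytool -genkeypair -alias "$ALIAS" -storetype PKCS12 -keyalg RSA -keysize 2048 \
    -keystore "$dir/keystore.p12" -storepass "$PASS" -keypass "$PASS" \
    -validity 365 -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1" \
    >/dev/null
}

# Export the public certificate (DER) and import it into truststore.p12,
# deleting any existing entry under the same alias first so reruns succeed.
make_truststore() {
  dir="$1"
  keytool -exportcert -keystore "$dir/keystore.p12" -storetype PKCS12 \
    -storepass "$PASS" -alias "$ALIAS" -file "$dir/server.cer" >/dev/null
  if keytool -list -keystore "$dir/truststore.p12" -storetype PKCS12 \
       -storepass "$PASS" -alias "$ALIAS" >/dev/null 2>&1; then
    keytool -delete -alias "$ALIAS" -keystore "$dir/truststore.p12" \
      -storetype PKCS12 -storepass "$PASS" >/dev/null
  fi
  keytool -importcert -noprompt -keystore "$dir/truststore.p12" -storetype PKCS12 \
    -storepass "$PASS" -alias "$ALIAS" -file "$dir/server.cer" >/dev/null
}

# Re-export the trusted entry and compare it byte for byte with what the
# server will present. Returns 0 only when the two certificates match.
verify_trust() {
  dir="$1"
  keytool -exportcert -keystore "$dir/truststore.p12" -storetype PKCS12 \
    -storepass "$PASS" -alias "$ALIAS" -file "$dir/trusted.cer" >/dev/null
  cmp -s "$dir/server.cer" "$dir/trusted.cer"
}

# Usage: ./make-stores.sh run
if [ "${1:-}" = "run" ]; then
  out="$(mktemp -d)"
  make_keystore "$out"
  make_truststore "$out"
  verify_trust "$out" && echo "keystore and truststore agree in $out"
  echo "Start each client JVM with:"
  echo "  -Djavax.net.ssl.trustStore=$out/truststore.p12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=<password>"
fi
```

Copy `keystore.p12` into each service's `src/main/resources/` as the instructions say, and hand `truststore.p12` to the JVMs that call those services. The global `cacerts` file is left untouched, so removing trust later is just deleting one file.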
Copyright 2016 Audacious Inquiry, LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.