At some point we all need to integrate our application with the security system used by the customer. Single Sign-On and the SAML protocol have quickly become the standard for how web applications authenticate. In this session we'll go over the SAML principles and show how we can implement them in a Spring Security-enabled J2EE application.
Integrating spring security and SAML - JOIN 2014
1. Ordina JOIN 2014
Ken Coenen
@CoenenKen
Senior Java Developer
Architecture & Best Practices Competence Lead at Ordina
Integrating Spring Security and SAML
3. What is SAML?
▪ Security Assertion Markup Language
▪ XML protocol
▪ Approved standard
▪ SAML 2.0 dates from March 2005
▪ Used for e.g. Single Sign-On (SSO)
4. SAML overview
▪ Identity Provider (IDP)
Authenticating party
▪ Service Provider (SP)
Relies on the IDP and provides
a service
▪ Circle of Trust (COT)
Group of trusted SPs
5. SAML sequence
1. User requests access to a service
2. Redirect to IDP logon page
3. POST to IDP
4. Redirect to application
5. User can access any application in the Circle of Trust
7. What is Spring Security?
▪ Part of the Spring framework
http://projects.spring.io/spring-security/
▪ Provides dozens of customizable security features
▪ Authentication and Authorization
→ For now we’ll focus on authentication
▪ Support for a wide range of authentication models
▪ Possible to write your own
→ That’s what we’ll do!
8. Authentication Concepts
▪ Filter Chain
▪ Security rules for your application
▪ Entry Point
▪ How an unauthenticated user tries to access secured resources
▪ e.g. Form login, OpenID, basic authentication, ...
▪ Manager
▪ Manages authentication requests
▪ Uses AuthenticationProvider and User Details Service
16. Process the SAML response
▪ Extends AbstractAuthenticationProcessingFilter
Wrap the SAML assertion found in the request parameters in a PreAuthenticatedAuthenticationToken
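An added example of such a filter (not code from the deck): it reads the base64-encoded SAMLResponse POST parameter, wraps the decoded assertion in a PreAuthenticatedAuthenticationToken and hands it to the AuthenticationManager. The consumer path /saml/acs is a hypothetical value; signature, issuer, audience and validity checks are assumed to live in the AuthenticationProvider behind the manager.

```java
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class SamlResponseProcessingFilter extends AbstractAuthenticationProcessingFilter {

    public SamlResponseProcessingFilter() {
        // Only handle POSTs to the assertion consumer URL (hypothetical path).
        super(new AntPathRequestMatcher("/saml/acs", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response)
            throws AuthenticationException {
        // The HTTP-POST binding carries the response base64-encoded in "SAMLResponse".
        String encoded = request.getParameter("SAMLResponse");
        if (encoded == null || encoded.isEmpty()) {
            throw new AuthenticationServiceException("Missing SAMLResponse parameter");
        }
        String samlXml;
        try {
            samlXml = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw new AuthenticationServiceException("SAMLResponse is not valid base64", e);
        }
        // Principal: the raw assertion XML. Credentials: the RelayState, if the IDP sent one.
        // Nothing in the token is trusted yet; the AuthenticationProvider must verify the
        // XML signature, issuer, audience and NotBefore/NotOnOrAfter before accepting it.
        PreAuthenticatedAuthenticationToken token =
                new PreAuthenticatedAuthenticationToken(samlXml, request.getParameter("RelayState"));
        token.setDetails(authenticationDetailsSource.buildDetails(request));
        return getAuthenticationManager().authenticate(token);
    }
}
```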