如何使用SPRING SAML EXTENSION使我们的Web应用程序成为身份提供者? [英] How to use SPRING SAML EXTENSION to make our webapp as an identity provider?
问题描述
全部, 这是我的要求.
All, Here is my requirement.
-
我们有一个当前的JAVA Web应用程序,该应用程序在Spring Security Framework上实现了基本安全性.当用户进入我们的应用程序时,我们拥有登录页面,我们存储用户凭据,并且spring框架正在调用我们的客户用户提供程序以获取所有用户详细信息.
We have a current JAVA Web application and that is implemented basic security on Spring Security Framework. When user come to our app , we own the login page, we store the user credentials and spring framework is calling our customer user provider to get all the user details.
现在,我们需要与托管在不同域中的另一个Web应用程序进行对话.但是新的应用程序符合SAML要求,并且可以根据SAML令牌对用户进行身份验证.
Now, we have a need to talk to another web application hosted in different domain. But the new application is SAML compliant and is ready to authenticate users based on SAML tokens.
根据我到目前为止所做的几项研究,看来我们需要像OpenAm,OpenSSO等实施第三方身份提供软件,然后将当前基于Spring的身份验证模块移至新的IDP软件,然后与其他应用程序集成以进行SAML传输.
Based on several research I have done so far, it looks like we need to implement a 3rd party Identity Provide s/w like OpenAm, OpenSSO etc and move our current spring based authentication module to the new IDP s/w and then integrate with other apps for SAML transport.
相反,我想知道是否有一种简单的方法可以使我的应用程序成为身份提供者并直接从我们的APP传递SAML,而不是依赖于第三方IDP软件.
Instead, I am wondering if there is a simple way to make my app as the Identity Provider and pass the SAML directly from our APP , instead of depending on 3rd party IDP S/W.
Spring Security SAML扩展似乎可以完成这项工作,我感到很兴奋.但是,如果我阅读更多详细信息,我会发现即使是Spring SAML Extension也需要外部IDP软件来完成其工作.
The Spring Security SAML Extension appeared to do that work and I was excited. But, if I read more details, I see that even Spring SAML Extension is needing an external IDP software for doing its job.
问题是,是否有人在没有外部IDP的情况下使用SPRING SAML EXTENSION.还有其他方法可以达到我的上述要求.
The question, has anyone used SPRING SAML EXTENSION without a external IDP s/w. Is there any other ways to achieve my above requirement.
推荐答案
Spring SAML Extension仅启用SAML 2.0服务提供商功能.
Spring SAML Extension is only enabling SAML 2.0 Service Provider capabilities.
您可以将 Shibboleth 集成到现有应用程序中. Shibboleth是一个IDP解决方案,它也是基于Java的,并广泛使用Spring.尽管如此,这种集成还是很重要的.
You could integrate Shibboleth into your existing application. Shibboleth is an IDP solution, it is also Java based and uses Spring extensively. Despite this, such integration is non-trivial.
通过实现一个独立的身份提供程序(例如OpenAM,Shibboleth,JOSSO)并将现有的应用程序转换为支持SAML SP(这将使您能够连接到新创建的IDP),您可能会节省大量时间.
You'll probably save a lot of time by implementing one of the standalone Identity Providers (e.g. OpenAM, Shibboleth, JOSSO) and converting your existing application to support SAML SP (which will enable you to connect to your newly created IDP).
这篇关于如何使用SPRING SAML EXTENSION使我们的Web应用程序成为身份提供者?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
