在 Spring Web 应用程序中创建 SAML 身份断言 [英] Creating SAML indentity assertion in Spring web app
问题描述
我们有一个 Spring Web 应用程序和一个需要知道哪个用户登录到 Spring 应用程序的第三方应用程序.一旦用户登录 Spring 应用程序,他就有可能以透明的方式访问第三方应用程序.为此,我们必须使用 SAML(第三个应用程序需求).因此,Spring Web 应用程序将以 IDP 启动的方式作为 IDP 工作.
We have a spring web app, and a third party application which need to know which user is logged in into the Spring application. Once the user is logged in the Spring app, he will have the possibility to access the third-party app in a transparent manner. For that purpose, we have to use SAML (third app need). So the Spring web app will work as an IDP, in an IDP-initiated way.
我找到了 OpenSAML 库,这个:http://blog.keksrolle.de/2010/07/27/how-to-create-a-valid-saml-2-0-assertion-with-opensaml-for-java.html
I found OpenSAML library, and this : http://blog.keksrolle.de/2010/07/27/how-to-create-a-valid-saml-2-0-assertion-with-opensaml-for-java.html
它显示了一个关于如何创建 SAML 断言的示例,但我很难找到有关创建自定义 IDP 的额外文档...
It shows an example on how to create SAML assertions, but I have some difficulties to find extra-documentation about creating a custom IDP...
那么除了 OpenSAML 之外还有其他工具可以帮助我们吗?或者样品?
So is there others tools than OpenSAML that could help us ? Or samples ?
我也找到了 Shibboleth,但不确定在这种特殊情况下是否有帮助...
I also found Shibboleth, but not sure if it can help in this particular case...
谢谢
推荐答案
OpenSAML 是最好的(并且可能是唯一的)Java 库,它简化了 SAML 消息的低级处理.您可以在 Shibboleth 或 Spring SAML 等产品的源代码中找到有关如何使用它来实现 SAML IDP/SP 组件的示例.您还可以在此博客中找到一些示例.
OpenSAML is the best (and possible the only) Java library which simplifies low-level handling of SAML messages. You can find examples on how to use it to implement SAML IDP/SP components in source codes of products like Shibboleth or Spring SAML. You can also find some examples in this blog.
直接使用 OpenSAML 编写一个非常简单的 IDP 仅涵盖您的特定用例可能是最好的方法.集成 Shibboleth 是 (imo) 紧随其后的最佳选择,但它远非微不足道.
Writing a very simplistic IDP covering only your particular use-case directly with OpenSAML is probably the best way to go. Integrating Shibboleth is (imo) the close second best option, but it's far for trivial.
这篇关于在 Spring Web 应用程序中创建 SAML 身份断言的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
