SAML simple example for beginners


Question

I am a beginner to the SAML v2.0 technology and I get the theory knowledge, but I didn't find any examples on Google. Can anybody provide me with a step-by-step example for simple "SAML for v2.0"?


  1. Up to now I've gone through the theory part, i.e., it supports single sign-on, and I also understood about the Service Provider and Identity Provider.
  2. Presently I am working in a Linux environment.
  3. I need a basic example, in a step-by-step manner, of how the request moves from user -> Identity Provider -> Service Provider, and how to configure the environment.
  4. Is it possible to execute the example for SAML v2.0?
  5. Is there any chance to execute a SAML example in the Java language? If it is possible, you can provide the example in Java also.


Recommended answer

Typical SSO with SAML is something called Web SSO Profile. There are many products supporting this on the market, for example OpenAM, Shibboleth, OpenSAML and Oracle Identity Federation. The specific configuration is dependent on what product you choose to use. A working example of OpenSAML that I use in my book is available here.

On a SAML level, the SP and IDP exchange Metadata, which contains configuration information on how the SP and IDP want to communicate.

SSO is then done in four steps:


  1. The SP sees that the user does not have an authenticated session.
  2. The SP redirects the user to the IDP with a SAML AuthnRequest as a URL parameter.
  3. The IDP authenticates the user and redirects it back to the SP with an artifact in a URL parameter.
  4. The SP exchanges the Artifact for an Assertion over SOAP using an ArtifactResolveRequest to the IDP.

If you want to code this yourself in Java, you can use OpenSAML. On my blog I have many examples on how to use it.

In my book, A Guide To OpenSAML, I write a lot about this.

EDIT New edition of the book is out, covering OpenSAML v3
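
Step 2 of the flow in the answer above, as an added example that is not part of the original answer and does not use OpenSAML: it builds an unsigned AuthnRequest with plain JDK classes (Java 11+), applies the HTTP-Redirect encoding, and decodes it again the way the IDP would. The class name, endpoint URLs and entity ID are constructed sample values; signing of the request (the `SigAlg` and `Signature` query parameters) is left out.

```java
import java.io.*;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
import java.util.zip.*;

public class RedirectBindingDemo {
    // Constructed sample values; real ones come from the exchanged SP/IDP metadata.
    static final String IDP_SSO = "https://idp.example.org/sso";
    static final String SP_ENTITY = "https://sp.example.com/metadata";
    static final String SP_ACS = "https://sp.example.com/acs";

    // Minimal AuthnRequest asking the IDP to answer over the HTTP-Artifact binding.
    static String authnRequest(String id) {
        return "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Version=\"2.0\""
            + " ID=\"" + id + "\" IssueInstant=\"" + Instant.now() + "\""
            + " Destination=\"" + IDP_SSO + "\" AssertionConsumerServiceURL=\"" + SP_ACS + "\""
            + " ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\">"
            + "<saml:Issuer>" + SP_ENTITY + "</saml:Issuer></samlp:AuthnRequest>";
    }

    // HTTP-Redirect encoding: raw DEFLATE (no zlib header), Base64, then URL-encoding.
    static String encode(String xml) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(out, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
            z.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), StandardCharsets.UTF_8);
    }

    // The receiving side (the IDP) reverses the three layers to recover the XML.
    static String decode(String param) throws IOException {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(param, StandardCharsets.UTF_8));
        try (InflaterInputStream z = new InflaterInputStream(new ByteArrayInputStream(raw), new Inflater(true))) {
            return new String(z.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws IOException {
        String id = "_" + UUID.randomUUID(); // the SP keeps this to check InResponseTo later
        String param = encode(authnRequest(id));
        System.out.println(IDP_SSO + "?SAMLRequest=" + param); // URL the browser is redirected to
        System.out.println(decode(param).contains("ID=\"" + id + "\"")); // round-trip check
    }
}
```

The SP should store the generated request ID in the user's session and accept only a response whose `InResponseTo` matches it.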
