Using external service providers with josso2 - saml

I am trying to set up Josso2.4 to work as a sign-in solution to multiple websites (starting with just one).
I have configured my test web site as an "external saml2 service provider" in josso, but this requires a "metadata file" and I have been unable to find any documentation for this metadata file format. Is it a standard SAML format shared across all SAML implementations?
I found some sample XML files I could import, but I never found a sample which had SSO enabled.

You didn't mention what you use as service provider. You can use Spring Security SAML and download metadata from a special URL, for example: http://localhost:8080/spring-security-saml2-sample/saml/metadata
See documentation: http://docs.spring.io/autorepo/docs/spring-security-saml/1.0.x-SNAPSHOT/reference/htmlsingle/
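The metadata file JOSSO asks for is the standard SAML 2.0 metadata document (an `md:EntityDescriptor`), which is the same format Spring Security SAML serves from the URL above, and the same format an IdP publishes for its side. The following added example (mine, not part of this thread, JOSSO or Spring Security SAML) parses such a document with the Python standard library and reports the fields each side actually needs from the other (entityID, endpoints, signing certificates, signing flags), then flags weak settings. Both metadata documents, the hostnames under `example.test`, the `validUntil` date and the certificate contents are constructed placeholders.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed SP metadata (not from any real deployment); the certificate body is a placeholder.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml/metadata" validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBPLACEHOLDERSPCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata, the counterpart an SP imports.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBPLACEHOLDERIDPCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _ts(value):
    # SAML timestamps are xs:dateTime in UTC ("...Z"); fromisoformat needs "+00:00".
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def _endpoints(role, tag):
    return [{"binding": ep.get("Binding"), "location": ep.get("Location"),
             "index": ep.get("index"), "is_default": ep.get("isDefault") == "true"}
            for ep in role.findall(f"md:{tag}", NS)]


def parse_metadata(xml_text):
    """Extract what the other party needs from a SAML 2.0 EntityDescriptor (SP or IdP)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    info = {"entity_id": root.get("entityID"), "valid_until": root.get("validUntil"), "roles": []}
    for kind in ("SPSSODescriptor", "IDPSSODescriptor"):
        for role in root.findall(f"md:{kind}", NS):
            certs = [(kd.get("use") or "both", "".join((c.text or "").split()))
                     for kd in role.findall("md:KeyDescriptor", NS)
                     for c in kd.findall(".//ds:X509Certificate", NS)]
            info["roles"].append({
                "kind": kind,
                "protocols": (role.get("protocolSupportEnumeration") or "").split(),
                "authn_requests_signed": role.get("AuthnRequestsSigned") == "true",
                "want_assertions_signed": role.get("WantAssertionsSigned") == "true",
                "want_authn_requests_signed": role.get("WantAuthnRequestsSigned") == "true",
                "certs": certs,  # (use, base64 DER) pairs; "both" when no use attribute
                "nameid_formats": [n.text.strip() for n in role.findall("md:NameIDFormat", NS)],
                "acs": _endpoints(role, "AssertionConsumerService"),
                "sso": _endpoints(role, "SingleSignOnService"),
                "slo": _endpoints(role, "SingleLogoutService"),
            })
    return info


def check_metadata(info, now=None):
    """Return warnings for settings that weaken the integration (empty list = nothing found)."""
    now = now or dt.datetime.now(dt.timezone.utc)
    warnings = []
    if info["valid_until"] and _ts(info["valid_until"]) <= now:
        warnings.append("validUntil has passed; the peer should reject this metadata")
    for role in info["roles"]:
        kind = role["kind"]
        if SAML2_PROTOCOL not in role["protocols"]:
            warnings.append(f"{kind}: does not declare SAML 2.0 protocol support")
        if not any(use in ("signing", "both") for use, _ in role["certs"]):
            warnings.append(f"{kind}: no signing certificate, the peer cannot verify its signatures")
        if kind == "SPSSODescriptor" and not role["acs"]:
            warnings.append(f"{kind}: no AssertionConsumerService endpoint")
        if kind == "SPSSODescriptor" and not role["want_assertions_signed"]:
            warnings.append(f"{kind}: WantAssertionsSigned is false, so the IdP may send unsigned "
                            "assertions; the SP must then verify the Response signature")
        if kind == "IDPSSODescriptor" and not role["sso"]:
            warnings.append(f"{kind}: no SingleSignOnService endpoint")
        for ep in role["acs"] + role["sso"] + role["slo"]:
            if not (ep["location"] or "").startswith("https://"):
                warnings.append(f"{kind}: endpoint {ep['location']} is not https")
    return warnings


if __name__ == "__main__":
    for doc in (SP_METADATA, IDP_METADATA):
        parsed = parse_metadata(doc)
        print(parsed["entity_id"], [r["kind"] for r in parsed["roles"]], check_metadata(parsed))
```

Run it against the metadata you export from your SP (or download from the Spring URL above) before importing it into JOSSO: the warnings are the things an IdP administrator would otherwise only discover when the first login fails, and the parsed certificate is the value the IdP will use to verify your signed AuthnRequests.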

Related

How can I simulate an identity provider for SAML?

I'm writing some SSO code that will allow any IdP that supports SAML to authorize with my code.
I need an IdP simulator that can provide me a metadata URL with the IdP config so that I can test my code. (I'm providing the SP config in my code.)
I searched but couldn't find any kind of simulator; all I found were tools that manage the apps if I provide both the IdP and SP configs, which is not what I'm looking for.
Thanks a lot!
SAMLtest.id is a free SAML 2.0 testing service that allows you to test your SAML-compliant Service Provider (which is effectively what you have, based on your description). You need to upload a metadata document representing your SP / your application, and you'll be able to download the SAMLtest metadata to use to form your half of the integration.
This is effectively the new version of TestShib, which shut down a number of months ago due to lack of community support, and I use it relatively regularly.
Good luck!
Alternatively you could also use SSOCircle, which offers a free of charge SAML IdP as well (https://www.ssocircle.com/en/portfolio/publicidp/). E.g. it is configured as a default SAML IdP for the Spring Security SAML extension.
(I) How to build and run Shibboleth SAML IdP and SP using Docker container at GitHub repository allows you to build and run a standalone IdP Simulator at your own testbed. Running a standalone SAML IdP Simulator by yourself allows you to test your SP code and debug your SAML SP log by checking server logs of both IdP and your SP developed by you.
(1) Download the source code from How to build and run Shibboleth SAML IdP and SP using Docker container at GitHub repository
git clone https://github.com/winstonhong/Shibboleth-SAML-IdP-and-SP
(2) Copy your SP metadata file into
shibboleth-idp-dockerized/ext-conf/metadata/
(3) Extract IdP metadata file "idp-metadata.xml" from
shibboleth-idp-dockerized/ext-conf/metadata/
and upload it to your SP server developed by you
(4) Follow the README instruction to run OpenLDAP server and SAML IdP server using Docker container
(5) Run your SP server developed by you
(6) Now you can check the server logs of both Shibboleth IdP and your SP server to debug your SP code.
In addition, shibboleth-sp-testapp/ folder provides the reference SP configuration for your SP server developed by you.
(II) Another StackOverflow question Setting up a new Shibboleth IdP to work with an existing SAML SP discusses the SAML configuration between IdP and SP.
(III) TestShib is the online Shibboleth IdP simulator built and run by the Shibboleth community. It is exactly the same as the above standalone Shibboleth IdP simulator built and run by yourself.
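Whichever simulator you pick (SAMLtest.id, SSOCircle or the standalone Shibboleth container), what you are really testing is whether your SP rejects responses it should not accept. The added example below (mine, not code from this thread or from any of the services named in it) shows the checks an SP must make on a SAML 2.0 Response after the XML signature has been verified with a SAML library: status, Destination, InResponseTo, Issuer, Conditions, Audience, bearer SubjectConfirmation and assertion replay. The Response document, the `example.test` hostnames, the request id `_req123` and the timestamps are constructed test data; signature verification is assumed to have happened before this function is called.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed Response (not captured from any real IdP). It carries no ds:Signature; this
# example assumes the signature was verified with a SAML library before validation.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z" Destination="https://sp.example.test/saml/acs"
    InResponseTo="_req123">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-1</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:05:00Z"
            Recipient="https://sp.example.test/saml/acs" InResponseTo="_req123"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-05-01T12:00:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

# What the SP under test expects. request_id is the ID the SP stored when it issued the
# AuthnRequest; set it to None only for IdP-initiated (unsolicited) SSO.
EXPECTED = {
    "sp_entity_id": "https://sp.example.test/saml/metadata",
    "acs_url": "https://sp.example.test/saml/acs",
    "idp_entity_id": "https://idp.example.test/metadata",
    "request_id": "_req123",
}


def _ts(value):
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text, expected, now, seen_assertion_ids, skew=dt.timedelta(seconds=60)):
    """Return the reasons to reject the Response (empty list means accept).

    seen_assertion_ids is a set shared across calls; accepted assertion IDs are added to it
    so a replayed assertion is refused. In production this store would be bounded by the
    assertion's NotOnOrAfter.
    """
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["root element is not samlp:Response"]
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    if root.get("Destination") != expected["acs_url"]:
        problems.append("Destination does not match our ACS URL")
    if root.get("InResponseTo") != expected.get("request_id"):
        problems.append("InResponseTo does not match an AuthnRequest we issued")
    if root.findtext("saml:Issuer", default="", namespaces=NS).strip() != expected["idp_entity_id"]:
        problems.append("Response Issuer is not the configured IdP")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # encrypted assertions are out of scope for this example
        problems.append(f"expected exactly one Assertion, found {len(assertions)}")
        return problems
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != expected["idp_entity_id"]:
        problems.append("Assertion Issuer is not the configured IdP")
    aid = a.get("ID")
    if aid in seen_assertion_ids:
        problems.append("Assertion ID already seen (replay)")
    else:
        seen_assertion_ids.add(aid)
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Assertion has no Conditions")
    else:
        if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
            problems.append("Conditions/NotBefore is in the future")
        if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
            problems.append("Conditions/NotOnOrAfter has passed")
        audiences = [x.text.strip() for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected["sp_entity_id"] not in audiences:
            problems.append("AudienceRestriction does not include our entityID")
    # A bearer confirmation must name our ACS and our request, and must still be valid.
    confirmed = False
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        confirmed = confirmed or (
            data.get("Recipient") == expected["acs_url"]
            and data.get("InResponseTo") == expected.get("request_id")
            and data.get("NotOnOrAfter") is not None
            and now - skew < _ts(data.get("NotOnOrAfter")))
    if not confirmed:
        problems.append("no valid bearer SubjectConfirmation for this SP")
    return problems


if __name__ == "__main__":
    now = dt.datetime(2024, 5, 1, 12, 1, tzinfo=dt.timezone.utc)
    print(validate_response(SAMPLE_RESPONSE, EXPECTED, now, set()))  # [] when everything matches
```

A useful way to use a simulator is to point it at this kind of validator and deliberately vary one field at a time (an expired assertion, an audience for a different SP, the same response posted twice): each variation should produce exactly one reason in the returned list, and the IdP-side log should show the matching request.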

Wso2IS 5.3.0 Automated Configuration

I am trying to automate my Wso2 5.3.0 configuration so that it is easier to set up a Wso2 instance based on our needs.
Is it possible to configure service providers through some configuration file instead of doing it through the admin panel?
You can do this via the administration SOAP API. You need to call different services depending on the configuration (SAML, OIDC ...).
Unfortunately wso2 does not bundle a cli tool for that. We ended up writing our own command line client for export and import.
Searching around I found the doc page about the service for handling policies. It is called EntitlementPolicyAdminService and the doc page can be found here.
Still too bad that this is not configurable by a config file or something but at least there is a workable solution.

How can I add my Tomcat Application in onelogin for SAML?

I have a web application running on Tomcat and hosted on Amazon. I want to add it as a SAML Service Provider that allows single sign-on (SSO) in OneLogin (https://www.onelogin.com/).
I have a free trial account in OneLogin, and in the Add App section I can see many applications like Salesforce, AWS and so on, but how can I add my own application there?
I clicked on Suggest an App and gave my application URL. Is there any way I can add my own application as an SP in OneLogin?
You can use the SAML Test Connector. It works with any generic SAML Service Provider.
If you also need to add SAML support to your Tomcat application, you should know that Tomcat does not have a SAML SP provider implementation itself, so you will need to add SAML support to the Java application. For that you can use:
OIOSAML
spring security
java-saml
shibboleth (It requires also Apache).

SAML 1.1 Token Generator and Self Signing using Java

As a requirement I need to configure 2 enterprise applications using SAML tokens.
Due to the following constraints I need to write individual services for token generation and token signing.
The constraints are:
No IdP (Identity Provider) available. No associated metadata file available.
Need to use SAML 1.1 version.
Need to self-sign the SAML Response.
As part of a POC I am able to generate a SAML token using version 2.0 by writing a service which forwards to a signing service for signing. I am able to sign it by generating a certificate\keystore using the Windows keytool command.
However, for a SAML 1.1 implementation using the OpenSAML library I am unable to generate the SAML request message in the proper format. I looked for additional libraries which could help, like WSS4J, which has a SAML Token Profile generator.
I also looked at some configuration around IBM WebSphere Application Server (SAML Token Generator), as that is what is used for hosting the application. I still could not implement the solution using the above options.
Questions:
Is it possible to do a SAML implementation without using an IdP server?
Can I use IBM WebSphere Application Server (WAS) as the IdP server?
Can WAS be utilized for generating STS tokens?
Is there any library like OpenSAML or WSS4J which can help to generate and sign SAML tokens easily for SAML 1.1?

TFIM with ComponentSpace library?

I am trying to use Tivoli Federated Identity Manager 6.2 as identity provider and an application that has SAML 2.0 support using the ComponentSpace library.
Will that application be able to support TFIM or not? And if it's supported, can anyone provide any instructions, information or documentation related to the use of these two?
Yes, interoperability with TFIM is supported. You should ask for the SAML metadata from the partner provider using TFIM. The SAML metadata includes information such as the URLs used for SSO, the X.509 certificate used for signature verification, and the partner's entity ID.
You can use the ImportMetadata utility to import the TFIM SAML metadata and have your local SAML configuration (i.e. saml.config) updated with this information.
The partner provider will most likely want your SAML metadata so they can update the TFIM configuration.
You can use the ExportMetadata utility to export the local SAML configuration (i.e. saml.config) to a SAML metadata file that may be supplied to the partner provider.
The ImportMetadata and ExportMetadata projects may be found under the Examples/Metadata folder.