Configuring Spring SAML for SSO with PingFederate - single-sign-on

We have decided to use Ping Federate to be our SSO solution. I have searched many examples but have not found a spring configuration that clearly describes how I need to set up my SP and/or IdP on the PingFederate side. I have not found a Spring document that describes what I need exactly to implement this.
Any help, much appreciated.

Currently there's no step-by-step guide on establishing federation between Spring SAML and Ping, but the steps are very similar to what's described in the quick start guide of Spring SAML.
The best approach is to start with the sample application included inside Spring SAML, configure it to work with Ping and then transfer the configuration to your current Spring application.
The high-level steps are:
1. Deploy the Spring SAML sample application.
2. Download its SP metadata from https://server:port/context/saml/metadata (just open a browser at the URL and store all the content it returns).
3. Configure Ping by creating a new "SP Connection"; as part of the process you import the metadata you stored earlier. To start with, you can use defaults for most of the settings.
4. When done, export the IDP metadata from Ping using Administrative functions -> Metadata Export for the connection you created in the previous step.
5. Import the IDP metadata into your Spring SAML (examples are in the manual).
This establishes federation between the two and enables you to start authenticating your users through Ping.
The metadata configuration (bean metadata) should look as follows in your case:
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
  <constructor-arg>
    <list>
      <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
          <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
            <constructor-arg>
              <value type="java.io.File">classpath:security/idp.xml</value>
            </constructor-arg>
            <property name="parserPool" ref="parserPool"/>
          </bean>
        </constructor-arg>
        <constructor-arg>
          <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
        </constructor-arg>
        <property name="metadataTrustCheck" value="false"/>
      </bean>
    </list>
  </constructor-arg>
</bean>
Make sure to replace resources/security/idp.xml with the metadata from PF. You can remove all unused instances of ExtendedMetadata beans (like the one for SSO Circle). The reason the metadata bean can contain multiple "links" is that it can support many IDPs at the same time.
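An added check, not part of the original answer, for the IDP metadata exported from Ping before it goes in as security/idp.xml: with metadataTrustCheck set to false, Spring SAML will not verify a signature on that file, so confirming the entityID, the SingleSignOnService endpoints and the signing certificate by hand is worthwhile. The sample metadata below is constructed for the example; the entity ID, URLs and certificate body are placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample shaped like a PingFederate IdP metadata export; entityID,
# locations and the certificate body are placeholders, not real values.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test" validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERTIFICATE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/idp/SSO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_idp_metadata(xml_text, now=None):
    """Return the entityID, SSO endpoints by binding, and a list of problems found."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        return {"entity_id": root.get("entityID"), "sso": {}, "problems": ["not an IdP EntityDescriptor"]}
    problems = []
    # Endpoints the SP will send AuthnRequests to: need a binding Spring SAML supports, over TLS.
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if not {HTTP_POST, HTTP_REDIRECT} & set(sso):
        problems.append("no HTTP-POST or HTTP-Redirect SingleSignOnService")
    problems += [f"non-https SSO endpoint: {loc}" for loc in sso.values() if not str(loc).startswith("https://")]
    # Without a signing key the SP has nothing to verify IdP assertions against.
    certs = [k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
             for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not any(c.strip() for c in certs):
        problems.append("no signing certificate in IDPSSODescriptor")
    # An expired validUntil means the export is stale; pull a fresh one from Ping rather than import it.
    valid_until = root.get("validUntil")
    if valid_until and datetime.fromisoformat(valid_until.replace("Z", "+00:00")) <= now:
        problems.append(f"metadata expired at {valid_until}")
    return {"entity_id": root.get("entityID"), "sso": sso, "problems": problems}
```

Run it against the real export (read the file instead of SAMPLE_IDP_METADATA) and only copy it to the classpath when the problems list is empty.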

Related

Shibboleth IDP4 - How to define groups of Service Provider in same SSO context

I'm deploying a Shibboleth v4 IdP for SSO to protected network resources with Shibboleth SPs (Service Providers).
I want to define simple rules like this:
SP group one: SP-A and SP-B must be in the same SSO context (no re-authentication required between resources of SP-A and resources of SP-B)
SP group two: SP-C and SP-D must be in the same SSO context (no re-authentication required between SP-C and SP-D)
re-authentication required between SPs from different groups.
I'm working on relying-party.xml, writing something like this:
<!-- Example matching two SPs (group one) -->
<bean parent="RelyingPartyByName" c:relyingPartyIds="#{{'SP-A', 'SP-B'}}">
  <property name="profileConfigurations">
    <list>
      <!-- Your refs or beans here. -->
      <bean parent="SAML2.SSO">
        ..I suppose I need to define something here, but what?
      </bean>
    </list>
  </property>
</bean>
<!-- Example matching two SPs (group two) -->
<bean parent="RelyingPartyByName" c:relyingPartyIds="#{{'SP-C', 'SP-D'}}">
  <property name="profileConfigurations">
    <list>
      <!-- Your refs or beans here. -->
      <bean parent="SAML2.SSO">
        ..I suppose I need to define something here, but what?
      </bean>
    </list>
  </property>
</bean>
Is this road correct? With respect to this example, what rule should I write?

Configure Spring batch admin to use db2 database

In order to configure the Spring Batch Admin UI to use a DB2 database, I referred to the Admin UI documentation, which says "launch the application with a system property -DENVIRONMENT=[type]." I understand that "-DENVIRONMENT=db2" should be kept in some file. I tried keeping it in the batch-default.properties file, but that did not work. Since I am using WLP (Liberty server), I tried keeping it in the server.xml file, with no help. In the console I still see that the env-context.xml file from Batch Admin is loading the batch-hsql.properties file (default configuration).
My job is written using Spring Boot, so I put the property ENVIRONMENT=db2 in application.properties and added a new file, batch-db2.properties, at the same location as application.properties.
A few compulsory properties will be needed there; you need to experiment:
    batch.job.configuration.package=
    batch.drop.script=classpath*:/org/springframework/batch/core/schema-drop-db2.sql
    batch.schema.script=
    batch.business.schema.script=
    #Copied from batch.properties of spring-batch-admin-manager API project
    batch.jdbc.testWhileIdle=false
    batch.jdbc.validationQuery=
    batch.data.source.init=false
    batch.job.configuration.file.dir=target/config
    batch.job.service.reaper.interval=60000
    batch.files.upload-dir=/sba/input
I had put DB connection information there too, but later I moved to JNDI by overriding the file data-source-context.xml in META-INF\spring\batch\override like below:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jdbc="http://www.springframework.org/schema/jdbc"
       xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
  <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="ConnectionPool" />
  </bean>
  <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
    <property name="dataSource" ref="dataSource" />
  </bean>
</beans>
ConnectionPool is the DB connection pool JNDI name from the server.
Keeping configurations in your code lets you freely move your app to different servers without asking for server specific configurations first.
Not really familiar with Liberty server, but the link below says that system properties need to be added to the jvm.options file. See the link below:
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/twlp_admin_customvars.html

Safely disconnect an Oracle DB from a JBoss application

I'm maintaining an old system that runs in a JBoss container, and it uses iBATIS and Spring to access an Oracle DB. Now this system's DB-related functions are discarded and the DB will be closed. What should I do to safely disconnect this system from the DB (assuming the application code can deal with all exceptions except SqlException)?
The key configuration is as follows:
xxx-ds.xml:
<datasources>
...
</datasources>
daoContext.xml:
<jee:jndi-lookup id="oracleSource" jndi-name="java:/DefaultDS"/>
<!-- SqlMap setup for iBATIS Database Layer -->
<bean id="sqlMapClient" class="org.springframework.orm.ibatis.SqlMapClientFactoryBean">
  <property name="configLocation" value="META-INF/sql-map-config.xml"/>
</bean>
<bean id="xxxx" class="path.to.class.xxxxDao">
  <property name="dataSource" ref="oracleSource"/>
  <property name="sqlMapClient" ref="sqlMapClient"/>
</bean>
path.to.class.xxxxDao extends org.springframework.orm.ibatis.support.SqlMapClientDaoSupport and implements the DB access methods.
Replace the JNDI data source with a mock DB.

Advanced XMPP Connection - SASLAuthentication, socketFactory

I want to create an XMPP connection with security. I tried this:
<bean id="xmppConnection" class="o.s.i.xmpp.XmppConnectionFactoryBean">
  <constructor-arg>
    <bean class="org.jivesoftware.smack.ConnectionConfiguration">
      <constructor-arg value="myServiceName"/>
      <property name="truststorePath" value="..."/>
      <property name="socketFactory" ref="..."/>
    </bean>
  </constructor-arg>
</bean>
Dependencies:
dependencies {
    compile("org.springframework.boot:spring-boot-starter-web")
    compile("org.springframework.integration:spring-integration-xmpp:4.3.8.RELEASE")
    testCompile("junit:junit")
}
But the class o.s.i.xmpp.XmppConnectionFactoryBean is not found. Do I need to include any other dependency?
The package is abbreviated because of formatting for the documentation. The actual class name is:
org.springframework.integration.xmpp.config.XmppConnectionFactoryBean
This is explained in the documentation.
1. Conventions in this Book
In some cases, to aid formatting, when specifying long fully-qualified class names, we shorten the package org.springframework to o.s and org.springframework.integration to o.s.i, such as with o.s.i.transaction.TransactionSynchronizationFactory.
If you use IDE content assist (eclipse, IDEA) when typing class names, it will complete the package for you.

apache restlet connector overload

I use Restlet in a Camel route in the from("restlet:http/myLink") clause. When users' requests exceed ten per second, I begin receiving errors processing requests like "org.restlet.engine.connector.Controller run
INFO: Connector overload detected. Stop accepting new work"
I think that error is caused by the number of threads, the request queue's size or number, or something like that. I tried setting different values for the maxThreads param in the Spring config:
<bean id="restlet" class="org.apache.camel.component.restlet.RestletComponent">
  <property name="maxThreads" value="15"/>
</bean>
but I did not succeed. In the documentation http://camel.apache.org/restlet.html I didn't find any param for setting the size or number of the request queue. I need help :(
P.S. camel-restlet version is 2.12.2
Update
I tried setting big numbers for maxThreads, maxConnectionsPerHost and maxTotalConnections, but it's useless. If I inject org.restlet.Component into Camel's config like this:
<bean id="restletComponent" class="org.restlet.Component" />
<bean id="restlet" class="org.apache.camel.component.restlet.RestletComponent">
  <constructor-arg index="0">
    <ref bean="restletComponent" />
  </constructor-arg>
  <property name="maxThreads" value="255"/>
  <property name="maxConnectionsPerHost" value="1000"/>
  <property name="maxTotalConnections" value="1000" />
</bean>
how can I override the properties that use BaseHelper params?
After going through the options of lowThread as well,
I found that the currently released Camel doesn't support it.