I just started my project with SAML 2. I want some help related to SAML and the OpenSAML libraries v.2.0.
Can someone tell me helpful and comprehensive tutorials for it? I just want to do a small POC.
I need Step-by-Step help for SAML. Here are some of my requirements. Please help.
All SAML specific functionality will be implemented using the open source OpenSAML libraries.
We will support both Service Provider (SP) initiated authentication as well as Identity-Provider (IdP) initiated authentication.
My book, A Guide to OpenSAML, gives a good introduction and step by step on SAML and the OpenSAML library.
Also my blog has a couple of examples on this.
https://blog.samlsecurity.com/categories/opensaml/
https://blog.samlsecurity.com/categories/saml/
I would suggest starting here:
http://identitymeme.org/doc/draft-hodges-learning-saml-00.html
Related
After successfully implementing SAML-V2 Service Provider (SP); for supporting some specific use-case, I have to implement my own SAML-2 IdP. After going through OASIS Documentation and many others about the SAML protocol, I have started implementing it.
My Use-case is just a single profile (Web Browser SSO Profile) with SP-Initiated SSO: Redirect Bindings only.
I am looking for some lean third-party library or java based implementation which I can refer/use to speed up the implementation and customize on top of that.
Would love for any recommendation or suggestion in this direction.
To be specific I'm looking for any/all of below :
Easy to use open-source library for implementing SAML-V2 Identity Provider in Java.
Detailed documentation/specification for above profile.
Any advice from experts who have past experience in implementing this kind of IdP.
There is lots of material available for SP. However, very few and complex for IdP.
Some of the Java-based implementations which I am already looking at are: KeyCloak and Lite-IdP.
"Very few and complex" is true because building a real-world identity provider is a serious project. OpenSAML as the library is your best option in Java - many enterprise-grade implementations that we know about are built with it. A good, stripped-down example of how to use OpenSAML in IdP context is https://github.com/OpenConext/Mujina .
Lite IdP is written in Go. If you're open to non-Java options, SimpleSAMLphp is excellent, it's certainly better documented than many others.
I'd post it as comment, but I don't have enough reputation.
But here you have almost the same question, regarding Spring SAML:
using-spring-saml-as-an-idp-rather-than-an-sp
Take a look at Vladimir's answer, I think it's what you're looking for. Here is the link suggested by him.
Cheers
I have searched a lot for good documentation on how to implement SSO, as I am a beginner in this field, but got confused by the documentation available online. Is there any documentation that can help direct me:
How to create/configure an IdP and SP, and how to implement SSO?
My web application uses Java 8, AngularJS, JSP, Spring (with annotations), Hibernate, Maven, JBoss.
Appreciate your time in advance.
Your question is kind of broad, which makes it hard to give a definitive answer. Perhaps knowing better what to research may help. Please let me try:
Your web application will be an SP. Thus, you don't need to research for how to implement an IdP.
You will need at least 1 IdP to test SSO for your application. Therefore, find out what IdP you want to use and research for how to set it up as well as how to configure a service provider trust against it.
What is the protocol you want to use for SSO? Is it SAML 2.0, WSFed, OAuth2, OpenId Connect or something else? Pick one.
Research a good library that you can use to implement the SP role for your application.
You've mentioned Java and Spring so typically you are looking at Spring Security and SAML.
If that's the case, then you need to implement a client-side SAML stack.
Refer: SAML : SAML connectivity / toolkit.
I should implement SAML authentication (Okta) in Jupyter. I have tried to search but didn't find anything. Maybe someone knows the solution. Thanks for help.
If you are looking to add Single Sign On to Jupyterhub via Okta, then I strongly suggest taking advantage of OpenID Connect. This will be much easier than adding SAML support.
If you need to implement SAML specifically, the typical way would be to use PySAML2; I wrote a detailed guide for adding SAML support to Python/Flask.
However, it looks like Jupyterhub uses Tornado, and it also appears that PySAML2 doesn't work with Tornado. If you are looking to add SAML support to Jupyterhub and you are feeling very adventurous, then another avenue to investigate would be to implement your own SAML validation using signxml.
You should try using the jupyterhub-samlauthenticator.
Check it out here: https://github.com/bluedatainc/jupyterhub-samlauthenticator
I would implement single sign-on with the opensaml library, but don't know which parameter I will pass for log in. So can anybody help with that?
Thanks in advance.
The sign-on starts with sending an XML message called an AuthnRequest to the identity provider. SAML authentication is quite complex, so I would suggest reading up on the process. The SAML technical overview is a good start.
When you are ready to start looking at OpenSAML my book, A Guide to OpenSAML, gives a good introduction and step by step on SAML and the OpenSAML library.
Also my blog has a couple of examples on this.
https://blog.samlsecurity.com/categories/opensaml/
https://blog.samlsecurity.com/categories/saml/
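The AuthnRequest mentioned above, shown as it travels in the HTTP-Redirect binding. This is an added example, not from the original answer and not OpenSAML code: it uses only the JDK (10 or later) so the wire format is visible. The request is unsigned, and the entity IDs, URLs, ID and timestamp are constructed placeholders.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.zip.*;

public class RedirectBindingDemo {
    static final int MAX_XML_BYTES = 64 * 1024; // assumed cap on an inflated request
    // SP side: raw DEFLATE (no zlib header), then Base64, then URL-encoding.
    static String encode(String xml) {
        Deflater d = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        d.setInput(xml.getBytes(StandardCharsets.UTF_8));
        d.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!d.finished()) out.write(buf, 0, d.deflate(buf));
        d.end();
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), StandardCharsets.UTF_8);
    }

    // IdP side: reverse the steps, refusing truncated or oversized input.
    static String decode(String param) throws Exception {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(param, StandardCharsets.UTF_8));
        Inflater inf = new Inflater(true);
        inf.setInput(Arrays.copyOf(raw, raw.length + 1)); // nowrap mode wants one padding byte
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!inf.finished()) {
            int n = inf.inflate(buf);
            if (n == 0 || out.size() + n > MAX_XML_BYTES) throw new IllegalArgumentException("bad SAMLRequest");
            out.write(buf, 0, n);
        }
        inf.end();
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message: every identifier and URL below is a placeholder.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1b2c3d4\" Version=\"2.0\""
            + " IssueInstant=\"2024-01-01T00:00:00Z\" AssertionConsumerServiceURL=\"https://sp.example.org/acs\">"
            + "<saml:Issuer>https://sp.example.org/metadata</saml:Issuer></samlp:AuthnRequest>";
        String param = encode(xml);
        System.out.println("https://idp.example.org/sso?SAMLRequest=" + param);
        System.out.println("round trip ok: " + decode(param).equals(xml));
    }
}
```

If your web framework hands you the `SAMLRequest` parameter already URL-decoded, skip the `URLDecoder` step; decoding twice turns any `+` in the Base64 text into a space.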
I'm using this library with my codeigniter rest service. Basically, I have a REST_controller, that is inherited, and checks for a valid token, using that library.
All I want is to provide an API to secure some of the API methods.
Now, I'm lost reading most of the specs for oauth2 and tutorials regarding that library.
Can anyone help me by providing good tutorials, examples and explanations on how I can achieve a simple login system and then call user-authenticated methods?
Thanks in advance
Just constructed a pictorial tutorial for OAuth2.0 specs. In case you may find this useful:
Tutorial : http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Also adding a web app demo demonstrating the different Authorisation Grant flows. It contains the path to the google code as well as some other tips.
http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
Your comments at that blog may be useful to me to improve the contents there.
I did a demo using Spring MVC and Spring Security; you can find the source code here