Thursday, May 24, 2012

Single Sign On with SAML2

This is a complicated topic with a lot of information published in the form of articles all over the internet. While SSO can be done in various ways and with different technologies, it seems like the standard that has the most traction is the Web Browser SSO Profile in SAML2.
I find it odd that I could not find a good SSO or SAML book anywhere, which makes the topic difficult for a beginner to tackle. There is a pretty good description of the process on Wikipedia though.
Well, one has to start somewhere, so, being in the Java camp, I looked for the options available to the Java programmer. As it turns out, if you want to go the SAML way there is an open source solution called Shibboleth, which is based on OpenSAML.
There is even a test Identity Provider (IdP) available on the internet: TestShib. However, since I was working on the company network behind firewalls, I could not use it. As part of the sequence of events, the IdP needs to redirect to the Service Provider (SP), and that part did not work for my setup.
As such, I downloaded and installed the Shibboleth IdP in a Tomcat instance and gave it a go. I must say that while there isn't much code involved (nor is it that complicated), what proved to be the most difficult part was the configuration of the Shibboleth IdP and the metadata file. Once you get that right, as well as the certificates, there is not much to it.
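The first leg of the Web Browser SSO sequence mentioned above, the SP sending the browser to the IdP with an AuthnRequest over the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode) and the IdP decoding it, as an added Python example that is not code from the original post or from the linked GitHub project; the entity ID and URLs are assumed placeholders, and a real SP would take them from the metadata and sign the request.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for this example; a real deployment takes them from SP/IdP metadata.
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"
SP_ACS_URL = "https://sp.example.com/saml/acs"
IDP_SSO_URL = "https://idp.example.com/idp/profile/SAML2/Redirect/SSO"


def build_authn_request(request_id: str, issue_instant: str) -> str:
    """Minimal SAML2 AuthnRequest the SP issues to start Web Browser SSO."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header, wbits=-15), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml.encode()) + comp.flush()
    return base64.b64encode(data).decode()


def decode_redirect(value: str) -> str:
    """Inverse step the IdP performs on receipt: base64 decode, then inflate."""
    return zlib.decompress(base64.b64decode(value), -15).decode()


def redirect_url(xml: str, relay_state: str) -> str:
    """Location header the SP sends the browser to; urlencode escapes the base64 '+', '/', '='."""
    query = urlencode({"SAMLRequest": encode_redirect(xml), "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"


def request_id_from_url(url: str) -> str:
    """What the IdP recovers from the redirect; the SP later checks the Response's InResponseTo against it."""
    qs = parse_qs(urlparse(url).query)
    xml = decode_redirect(qs["SAMLRequest"][0])
    start = xml.index('ID="') + 4
    return xml[start:xml.index('"', start)]


if __name__ == "__main__":
    rid = "_" + uuid.uuid4().hex  # xs:ID must not start with a digit
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    url = redirect_url(build_authn_request(rid, now), "/app/home")
    print(url)
    assert request_id_from_url(url) == rid
```

The SP should keep the generated ID until the IdP's Response arrives at the AssertionConsumerServiceURL and reject any Response whose InResponseTo does not match an outstanding request.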
So, while there are examples out there (perhaps better written or more complete), I created my own and put it on GitHub. Check it out here: https://github.com/cduicu/SAML2Authn.