|
1 |
| -= SAML 2.0 Login & Logout Sample |
| 1 | += A Sample Identity Provider |
2 | 2 |
|
3 |
| -This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application. |
4 |
| -It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party. |
| 3 | +This sample by default uses Docker to stand up two sample IdPs, each with one asserting party and multiple relying parties registered. |
| 4 | +This allows you to explore different arrangements between multiple relying parties and asserting parties. |
5 | 5 |
|
6 |
| -The sample application uses Spring Boot and the `spring-security-saml2-service-provider` |
7 |
| -module which is new in Spring Security 5.2. |
| 6 | +To ensure that there are no issues with sharing cookies between the Identity Provider and Service Provider applications, the application uses `nip.io` hostnames. |
| 7 | +The first identity provider can be reached by navigating to `http://idp-one.7f000001.nip.io`. |
| 8 | +The second identity provider can be reached by navigating to `http://idp-two.7f000001.nip.io`. |
8 | 9 |
|
9 |
| -The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6. |
10 |
| - |
11 |
| -== Goals |
12 |
| - |
13 |
| -=== SAML 2.0 Login |
14 |
| - |
15 |
| -`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation. |
16 |
| - |
17 |
| -The following features are implemented in the MVP: |
18 |
| - |
19 |
| -1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security |
20 |
| -2. Send a SAML 2.0 AuthNRequest to an Identity Provider |
21 |
| -3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration |
22 |
| -4. Work against the Okta SAML 2.0 IDP reference implementation |
23 |
| - |
24 |
| -=== SAML 2.0 Single Logout |
25 |
| - |
26 |
| -`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation. |
27 |
| - |
28 |
| -On this sample, the SAML 2.0 Logout is using the HTTP-POST binding. |
29 |
| - |
30 |
| -You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout. |
31 |
| - |
32 |
| -== Run the Sample |
33 |
| - |
34 |
| -=== Start up the Sample Boot Application |
35 |
| -``` |
36 |
| - ./gradlew :servlet:spring-boot:java:saml2:login:bootRun |
37 |
| -``` |
38 |
| - |
39 |
| -=== Open a Browser |
40 |
| - |
41 |
| -http://localhost:8080/ |
42 |
| - |
43 |
| -You will be redirect to the Okta SAML 2.0 IDP |
44 |
| - |
45 |
| -=== Type in your credentials |
46 |
| - |
47 |
| -``` |
48 |
| -User: testuser2@spring.security.saml |
49 |
| -Password: 12345678 |
50 |
| -``` |
| 10 | +To change how the IdP is configured, you can go to the sibling `identity-provider` project and edit the following files: |
51 | 11 |
|
| 12 | +* `one-relyingparties.php` - the list of relying parties that `idp-one` knows about |
| 13 | +* `two-relyingparties.php` - the list of relying parties that `idp-two` knows about |
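Review bot: the hunk removes the entire "Run the Sample" section (the `./gradlew :servlet:spring-boot:java:saml2:login:bootRun` command, the `http://localhost:8080/` entry point and the `testuser2@spring.security.saml` / `12345678` credentials) without adding replacement instructions, so after this change the README says the sample "uses Docker to stand up two sample IdPs" but never tells the reader how to start them or the relying party, nor which user to log in as; add a short run section covering the Docker startup, the SP start command and the credentials that `idp-one` and `idp-two` accept. Two smaller points on the new lines: the hostnames `idp-one.7f000001.nip.io` and `idp-two.7f000001.nip.io` (`7f000001` is 127.0.0.1 in hex) resolve through the public nip.io wildcard DNS service, so the sample needs outbound DNS unless those names are mapped locally, which is worth stating next to the URLs; and the new title "A Sample Identity Provider" describes the sibling `identity-provider` project the last lines point to, whereas the body still documents the relying party sample, so consider keeping a title that names the SAML 2.0 login sample.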