Hello,

2014-09-11 14:26 GMT+02:00 Maarten van Hulsentop <maar...@vanhulsentop.nl>:
> Dear Tomcat-users,
>
> We are investigating the best way to support SAML 2.0 (SP) authentication
> with our application. Our application is using container managed
> authentication provided by Tomcat, and works very well with basic
> authentication, form authentication, SPNEGO and others.
>
> My expectation would be that it should be possible to add a Valve and a
> Realm and have a 3rd party tool supply the SAML2 Relying Party
> implementation.
>
> So far, we have identified a couple of possible candidates.
> - Apache CXF Fediz. This project still seems young, but the integration
> would be as I expect.
> - Spring security might be possible to wrap into a Valve and Realm?
> - Picketlink? As stated on
> https://docs.jboss.org/author/display/PLINK/SAML+Authenticators+(Tomcat,JBossAS)
> - Very own Tomcat support not there yet?
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54503
> - Shibboleth (on HTTPD, remote user passed through AJP)
>
> Until now we have been using the Shibboleth/HTTPd implementation, but from
> a Tomcat perspective this is not very 'pure'. We would like to configure it
> all in one place, Tomcat.

At work, with exactly the same requirement, we used OIOSAML [1], which has been transformed into a custom Tomcat authenticator (from the filter). It works quite well within our organisation with the Shibboleth IDP.

There is also an enhancement request on Bugzilla on that topic [2], which seems to prefer adding JASPI(C) to Tomcat to add SAML.

[1] http://digitaliser.dk/resource/2582561
[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=54503

Cédric