Hello,

2014-09-11 14:26 GMT+02:00 Maarten van Hulsentop <maar...@vanhulsentop.nl>:
> Dear Tomcat-users,
>
> We are investigating the best way to support SAML 2.0 (SP) authentication
> with our application. Our application is using container managed
> authentication provided by Tomcat, and works very well with basic
> authentication, form authentication, SPNEGO and others.
>
> My expectation would be that it should be possible to add a Valve and a
> Realm and have a 3rd party tool supply the SAML2 Relying Party
> implementation.
>
> So far, we have identified a couple of possible candidates.
> - Apache CXF Fediz. This project still seems young, but the integration
> would be as I expect.
> - Spring security might be possible to wrap into a Valve and Realm?
> - Picketlink? As stated on
> https://docs.jboss.org/author/display/PLINK/SAML+Authenticators+(Tomcat,JBossAS)
> - Very own Tomcat support not there yet?
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54503
> - Shibboleth (on HTTPD, remote user passed through AJP)
>
> Until now we have been using the Shibboleth/HTTPd implementation, but from
> Tomcat perspective this is not very 'pure'. We would like to configure it
> all in one place, Tomcat.

At work, with exactly the same requirement, we used OIOSAML[1], which
has been transformed into a custom Tomcat authenticator (from the
filter). It works quite well within our organisation with the
Shibboleth IDP.

There is also an enhancement request on Bugzilla on that topic [2],
which seems to prefer adding JASPI(C) to Tomcat to add SAML.

[1] http://digitaliser.dk/resource/2582561
[2] https://issues.apache.org/bugzilla/show_bug.cgi?id=54503

Cédric
