Luis,
On 3/17/21 09:39, Luis Rodríguez Fernández wrote:
Hello Chris,
- Manually create DOM: agree with you, I would not go in that direction. I
did it years ago when I developed a logout servlet for weblogic. You can
have a look at the code here [1] and feel my pain :)
- Library: I remember testing opensaml [2], it was the most popular at that
time but it is not supported anymore :(
I am not sure what your scenario is; perhaps it is very specific and you do
not have any other choice than to get your hands dirty and implement something
on your own. However, if what you have in mind fits in this diagram [3] and
you are running in tomcat :) I would use keycloak [4]; for us it is working
great.
In the diagram, I want to perform step #5 and then have the UA perform
step 6 (well, I'll arrange for the UA to redirect, of course).
I'm not performing the authentication; I'm performing the signing and
another system is doing the authentication.
I've already implemented my own SP receiver for step #6, manually.
Key-selection sucks BTW when the SAML response doesn't contain any KeyInfo.
Thanks,
-chris
[1] https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
[2] https://stackoverflow.com/a/9080912/637409
[3] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
[4] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
On Tue, 16 Mar 2021 at 23:22, André Warnier (tomcat/perl) (<a...@ice-sa.com>) wrote:
Alternatively, see this :
https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
On 16.03.2021 21:18, Christopher Schultz wrote:
Robert,
On 3/16/21 14:33, Robert Turner wrote:
Chris,
I'm not sure if it will do what you want, but when sourcing Java-based SAML
libraries for our use as an SP, I too found that most of the libraries were
much larger and more complicated than I thought necessary. We went with the
(limited but simple to use) OneLogin libraries for our use case. It doesn't
do everything by any means, but was considerably smaller and simpler than
most packages out there.
I did see the OneLogin library. You mean this one, right?
https://github.com/onelogin/java-saml
Is there anything tied to any particular service for that? Or do they
simply give away their library for use anywhere?
Thanks,
-chris
On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
All,
I've got a system which is accepting one-legged, signed SAML responses
from trusted third parties and doing all the right things. It's working
great.
It's time to look at doing the opposite: assembling our own SAML
responses, signing them, and sending them to another party.
I'm sure I could manually create a DOM document with all the right
namespaces, add the various values that I need, and then use XML DSIG
using the bits and pieces that are provided by Java directly, but
there's got to be a nice compact library that doesn't require me to
download the entire internet in order to use in my product.
Any recommendations?
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
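
The manual approach raised in the original question (build the DOM, then sign with the XML DSIG classes that ship with Java), as an added example that is not code from any participant in this thread. It assumes Java 11+; the class name, issuer URL and throwaway RSA key are constructed for illustration, and the Response is minimal rather than schema-complete.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignSamlResponse { // hypothetical class name
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XMLNS = "http://www.w3.org/2000/xmlns/";
    static Document buildAndSign(PrivateKey key, String issuerName) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element resp = (Element) doc.appendChild(doc.createElementNS(SAMLP, "samlp:Response"));
        // Declare prefixes explicitly: canonicalization reads xmlns attributes from the DOM.
        resp.setAttributeNS(XMLNS, "xmlns:samlp", SAMLP);
        resp.setAttributeNS(XMLNS, "xmlns:saml", SAML);
        String id = "_" + UUID.randomUUID();
        resp.setAttribute("ID", id);
        resp.setIdAttribute("ID", true); // otherwise the "#id" reference cannot be resolved
        resp.setAttribute("Version", "2.0");
        Element issuer = (Element) resp.appendChild(doc.createElementNS(SAML, "saml:Issuer"));
        issuer.setTextContent(issuerName);
        Element status = (Element) resp.appendChild(doc.createElementNS(SAMLP, "samlp:Status"));
        Element code = (Element) status.appendChild(doc.createElementNS(SAMLP, "samlp:StatusCode"));
        code.setAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#" + id, f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        // ds:Signature goes right after Issuer (before Status). KeyInfo is null here,
        // so the receiver must already hold the signer's public key.
        f.newXMLSignature(si, null).sign(new DOMSignContext(key, resp, status));
        return doc;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); // constructed throwaway key
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        Document doc = buildAndSign(kp.getPrivate(), "https://idp.example.test/");
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(),
            doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        System.out.println(XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(vc).validate(vc));
    }
}
```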