
https://github.com/alokkusingh/saml

SAML Identity Provider and Service Provider implementation using Spring Security

java rsa-key-encryption rsa-key-pair rsa-key-signing saml saml-authentication saml-identity-provider saml-idp saml-service-provider saml-sp-single-sign-on spring-boot spring-security x509

README


[![Build Status](https://travis-ci.org/alokkusingh/saml.svg?branch=master)](https://travis-ci.org/github/alokkusingh/saml)
[![GitHub issues](https://img.shields.io/github/issues/alokkusingh/saml.svg)](https://github.com/alokkusingh/saml/issues)
[![GitHub issues closed](https://img.shields.io/github/issues-closed-raw/alokkusingh/saml.svg?maxAge=2592000)](https://github.com/alokkusingh/saml/issues?q=is%3Aissue+is%3Aclosed)

# SAML - Identity Provider and Service Provider Services
## Metadata
Both the `IdP` and `SPS` services expose a SAML metadata endpoint that the other side consumes to negotiate the service.
### 1. IdP Metadata API
The `SPS` consumes this metadata endpoint to negotiate the service with the `IdP`.
```
http://localhost:8081/alok-idp/saml/idp/metadata
```
### 2. SPS Metadata API
The `IdP` consumes this metadata endpoint to negotiate the service with the `SPS`.
```
http://localhost:8082/hello-sp/saml/sp/metadata
```
## Supported SAML Flows
### 1. SPS Flow
SP-initiated SAML authentication: the `SPS` starts the exchange.
- `SPS` sends a **SAML Request** to the `IdP`
- `IdP` authenticates the user and responds with a **SAML Response**

![](https://techdocs.akamai.com/eaa/img/saml-flow-sp-v1.png)

Use case:
- TBD

### 2. IdP Flow
IdP-initiated SAML authentication: the `IdP` starts the exchange.
- `IdP` sends a **SAML Response** directly to the `SPS`; no **SAML Request** is generated.

![](https://techdocs.akamai.com/eaa/img/saml-flow-v1.png)

Use case:
- Single sign-on: a secure web page served by a guest application (acting as the `SPS`) is embedded as an iframe in a page served by a host application (acting as the `IdP`). The host validates the user's credentials during login and at the same time generates a SAML Response for the guest application. When the guest page is loaded into the host page as an iframe, the SAML Response is sent to the guest application, which uses it to authenticate and authorize the user without asking for additional credentials. The result is seamless single sign-on.

## IdP and SPS RSA Keys and Certificates
Both services sign and encrypt their metadata, SAML Requests and SAML Responses with the keys generated below.

### 1. IdP RSA Private Key and Cert Generation

#### 1.1 Generate Private Key and CSR Request
```shell
openssl req -new -newkey rsa:4096 -nodes -keyout IdP_pkcs8.key -out IdP.csr
```
Note: `-nodes` writes the private key without a passphrase.

#### 1.2 Convert to PKCS#1
```shell
openssl rsa -in IdP_pkcs8.key -out IdP_pkcs1.key
```
Note: with OpenSSL 3.x, `openssl rsa` writes PKCS#8 output by default; add `-traditional` to get a PKCS#1 (`BEGIN RSA PRIVATE KEY`) file.
#### 1.3 Sign Certificate
```shell
openssl x509 -req -CA rootCA_Alok.crt -CAkey rootCA_Alok.key -in IdP.csr -out IdP.crt -days 365 -CAcreateserial
```
Note: `rootCA_Alok.crt` and `rootCA_Alok.key` are the issuing CA's certificate and private key and must exist before this step; the peer service needs to trust this CA for the signed metadata and messages to validate.

### 2. SPS RSA Private Key and Cert Generation
#### 2.1 Generate Private Key and CSR Request
```shell
openssl req -new -newkey rsa:4096 -nodes -keyout saml_spcs_pkcs8.key -out saml_spcs.csr
```
Note: `-nodes` writes the private key without a passphrase.
#### 2.2 Convert to PKCS#1 (see the note under 1.2 for OpenSSL 3.x)
```shell
openssl rsa -in saml_spcs_pkcs8.key -out saml_spcs_pkcs1.key
```
#### 2.3 Sign Certificate
```shell
openssl x509 -req -CA rootCA_Alok.crt -CAkey rootCA_Alok.key -in saml_spcs.csr -out saml_spcs.crt -days 365 -CAcreateserial
```
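The key and certificate steps above, run end to end and checked, as an added shell example that is not part of the alokkusingh/saml project. It assumes a throwaway root CA stands in for `rootCA_Alok.crt`/`rootCA_Alok.key`, adds `-subj` so the CSR prompts do not block, and uses `rsa:2048` instead of the README's `rsa:4096` to keep it fast; it then verifies the chain, that the key matches the certificate, and a sign/verify round trip of the kind an SP performs on a signed SAML Response.

```shell
# Added example, not part of the alokkusingh/saml project: run the README's IdP key/CSR/sign
# steps non-interactively against a throwaway root CA, then verify what was produced.
set -eu
WORK="${WORK:-$(mktemp -d)}"   # scratch directory; every file below is constructed here
cd "$WORK"

# Throwaway CA standing in for the README's rootCA_Alok.crt / rootCA_Alok.key.
make_root_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -subj "/CN=Test Root CA" \
    -keyout rootCA_Alok.key -out rootCA_Alok.crt >/dev/null 2>&1
}

# README steps 1.1 to 1.3; -subj avoids the interactive prompt and rsa:2048 keeps the
# example fast (the README uses rsa:4096).
make_idp_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=alok-idp" \
    -keyout IdP_pkcs8.key -out IdP.csr >/dev/null 2>&1
  openssl rsa -in IdP_pkcs8.key -out IdP_pkcs1.key >/dev/null 2>&1
  openssl x509 -req -CA rootCA_Alok.crt -CAkey rootCA_Alok.key -in IdP.csr \
    -out IdP.crt -days 365 -CAcreateserial >/dev/null 2>&1
}

# Check 1: the IdP certificate chains to the CA the SP will be configured to trust.
chain_ok() { openssl verify -CAfile rootCA_Alok.crt IdP.crt >/dev/null 2>&1; }

# Check 2: private key and certificate carry the same public key, so a message signed
# with IdP_pkcs8.key verifies against the certificate published in the IdP metadata.
key_matches_cert() {
  k=$(openssl pkey -in IdP_pkcs8.key -pubout 2>/dev/null | openssl dgst -sha256)
  c=$(openssl x509 -in IdP.crt -pubkey -noout 2>/dev/null | openssl dgst -sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check 3: the first PEM line tells PKCS#8 ("BEGIN PRIVATE KEY") from PKCS#1
# ("BEGIN RSA PRIVATE KEY"); OpenSSL 3 emits PKCS#8 from `openssl rsa` unless -traditional.
pem_type() { head -n 1 "$1"; }

# Check 4: sign a constructed payload with the key and verify it with the certificate's
# public key, the same operation an SP performs on a signed SAML Response.
sign_verify_roundtrip() {
  printf 'constructed sample payload' > msg.txt
  openssl dgst -sha256 -sign IdP_pkcs8.key -out msg.sig msg.txt
  openssl x509 -in IdP.crt -pubkey -noout > IdP.pub
  openssl dgst -sha256 -verify IdP.pub -signature msg.sig msg.txt >/dev/null 2>&1
}

make_root_ca
make_idp_cert
chain_ok && key_matches_cert && sign_verify_roundtrip || { echo "IdP key/cert check FAILED"; exit 1; }
echo "IdP key/cert OK; IdP_pkcs1.key starts with: $(pem_type IdP_pkcs1.key)"
```

Run the same functions with the `saml_spcs_*` file names to check the SPS material from section 2.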