integrating spring security and saml - join 2014

Ordina JOIN 2014 Ken Coenen @CoenenKen Senior Java Developer Architecture & Best Practices Competence Lead at Ordina Integrating Spring Security and SAML

Upload: jworks-powered-by-ordina

Post on 14-Apr-2017

538 views

Category:

Education

5 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Integrating spring security and SAML - JOIN 2014

Ordina JOIN 2014

Ken Coenen@CoenenKen

Senior Java DeveloperArchitecture & Best Practices Competence Lead at Ordina

Integrating Spring Security and SAML

SAML

What is SAML?

▪ Security Assertion Markup Language▪ XML protocol▪ Approved standard▪ SAML 2.0 dates from March 2005▪ Used for eg. Single Sign-On (SSO)

Page 4: Integrating spring security and SAML - JOIN 2014

SAML overview

▪ Identity Provider (IDP)Authenticating party

▪ Service Provider (SP)Relies on the IDP and provides a service

▪ Circle of Trust (COT)Group of trusted SPs

Page 5: Integrating spring security and SAML - JOIN 2014

SAML sequence

1. User requests access to a service

2. Redirect to IDP logon page3. POST to IDP4. Redirect to application5. User can access any

application in the Circle of Trust

Spring Security

What is Spring Security?

▪ Part of the Spring frameworkhttp://projects.spring.io/spring-security/

▪ Provides dozens of customizable security features▪ Authentication and Authorization

→ For now we’ll focus on authentication

▪ Support for a wide range of authentication models▪ Possible to write your own

→ That’s what we’ll do!

http://projects.spring.io/spring-security/

Page 8: Integrating spring security and SAML - JOIN 2014

Authentication Concepts

▪ Filter Chain▪ Security rules for your application

▪ Entry Point▪ How an unauthenticated user tries to access secured resources▪ eg. Form login, OpenID, basic authentication, ...

▪ Manager▪ Manages authentication requests▪ Uses AuthenticationProvider and User Details Service

Page 9: Integrating spring security and SAML - JOIN 2014

Putting the pieces together

Page 10: Integrating spring security and SAML - JOIN 2014

Include Maven dependencies

Check latest dependencies on http://projects.spring.io/spring-security/

http://projects.spring.io/spring-security/

Page 11: Integrating spring security and SAML - JOIN 2014

Include Maven dependencies (2)

OpenAM library to interpret SAML assertion and perform redirects

Page 12: Integrating spring security and SAML - JOIN 2014

Map Spring Security filter in web.xml

▪ Let your J2EE application know we’re using Spring Security

Page 13: Integrating spring security and SAML - JOIN 2014

Authentication Filter Chain

Page 14: Integrating spring security and SAML - JOIN 2014

Filter Chain

Triggered if not authenticated

1. Redirect to IDP

2. Process SAMLassertion

Page 15: Integrating spring security and SAML - JOIN 2014

▪ Extends GenericFilterBean

Request initiator

Redirect to the IDP

Page 16: Integrating spring security and SAML - JOIN 2014

Process the SAML response

▪ Extends AbstractAuthenticationProcessingFilter

Wrap our SAML assertion in a PreAuthenticated-AuthenticationToken in the request parameters

Page 17: Integrating spring security and SAML - JOIN 2014

Processes Authentication object

Authentication Manager

Triggers the User Details Service to authenticate the user

Interpret SAML attributes

Page 18: Integrating spring security and SAML - JOIN 2014

▪ Extends AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>

▪ Maps SAML assertions to Spring privileges

Custom User Details Service

Page 19: Integrating spring security and SAML - JOIN 2014

Q&A

Magento ADMIN SAML Extension User Guide€¦ · Magento ADMIN SAML Extension User Guide 1Introduction Magento ADMIN SAML extension adds SAML Single Sign On support on the admin login

Introduction to SAML

SAML 2.0 – Standard-of-choice in the Public Sector...SAML 2.0 - An Overview SAML V1.1 ID-FF V1.1 (Liberty Federation) Shib 1.0/1.1 APIs SAML V1.0 SAML V2.0 “P has e 1” ID-FF

Bindings for SAML 2.0 - OASISdocs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf · 1 Introduction This document specifies SAML protocol bindings for the use of SAML assertions

Introduction to SAML - Virginia Techkafura/cs6204/Readings/SAMLSlides.pdf– SAML Overview – SAML Assertions – Producers and Consumers of Assertions – Message Exchange Protocol

Spring Security SAML Extension · Spring Security SAML Extension 1.0.0.RELEASE Spring Security SAML Extension iii 7.3. Extended metadata

(SAML) V1.1

SAML - cs.auckland.ac.nz€¦ · SAML Components PROFILES (How SAML protocols, bindings and/or assertions combined to support a defined use case) BINDINGS (How SAML protocols map

SAML and XACML Overview - ITU · SAML 2.0 Specification Suite • Conformance Requirements • Required “Operational Modes” for SAML implementations • Assertions and Protocols

SAML Authentication with BlackShield Cloud - SafeNet Management...A Brief Introduction to SAML ... SAML Authentication with BlackShield Cloud How does SAML Work?0F 10 Google Apps and

Maler Saml Basics

SAML Version 2.0 Errata 05docs.oasis-open.org/security/saml/v2.0/sstc-saml...SAML Version 2.0 Errata 05 ... 2 6

Meraki SAML Authentication - Home | MCNC · Objectives ! What is SAML? ! Benefits of SAML authentication ! Enabling SSO for WiFi logins ! Enabling SAML for Meraki Dashboard Authentication

Integrating Okta with Citrix NetScaler SAML IDP · PDF fileCitrix.com 1 Solution Guide Solution Guide Integrating Okta with Citrix NetScaler SAML IDP This guide focuses on defining

Chapter 4 SAML application scripting - Centrify 4 SAML application scripting ... For an introduction to SAML, try the overviews provided at saml-introduction

Integrating Oracle Access Manager with Citrix NetScaler · PDF fileIntegrating Oracle Access Manager with Citrix NetScaler as SAML IDP ... OAM should be configured to use ... Integrating

SAML Single Sign-On - Cisco · SAMLSingleSign-On ThischapterprovidesinformationabouttheSecurityAssertionMarkupLanguage(SAML)SingleSign-On …

SAML Config

Integrating PingFederate with Citrix NetScaler as SAML SP · Citrix NetScaler as SAML SP ... Integrating PingFederate with Citrix NetScaler as SAML SP ... PingFederate by enabling

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

saml-metadata-2.0-os.pdf - OASISdocs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf · 2 Metadata for SAML V2.0 SAML metadata is organized around an extensible collection

Falcon　authentication saml

Saml Claims Sps2013

SAML and OAUTH Technologies WebSphere Application Server€¦ · SAML and OAUTH Technologies WebSphere Application Server ... SAML Web Services Token ... 3 The signature of the SAML

Privileged Identity Supported Systems and Platforms · SupportedProviders OKTASAML OneLogin(SAML) PingOne(SAML) SalesForce(OAuth) SAML(anySAMLcompliantvendor) Multi-FactorProviders

SAML Integration

SAML & SAML Federations

What | Why | How SAML 101 Assertion Markup Language (SAML) 101 CONTENTS Introduction What is SAML? The Use Cases The Advantages The Components The Security Echoworx Supports SAML

JSS Single Sign On Plugin 4.0: Integrating with Ping Federate · Case study: Integrating with Ping Federate J System Solutions ... use the SAML POST profile, which is the most common

SAML Attribute Sharing Profile for X.509 Authentication-Based Systemsdocs.oasis-open.org/security/saml/Post2.0/sstc-saml-x509... · 2008-12-22 · 1 Introduction The SAML V2.0 Attribute

ComponentSpace SAML v2.0 Configuration Guide SAML v2.0 Configuration Guide 1 Introduction The ComponentSpace SAML v2.0 component is a .NET standard class library that provides SAML

Integrating Okta with Citrix NetScaler Unified Gateway ... · PDF fileCitrix.com 1 Solution Guide Solution Guide Integrating Okta with Citrix NetScaler Unified Gateway SAML IDP. This

VMworld 2013: Integrating Enterprise Application with SAML to VMware Horizon Workspace

Security Assertion Markup Language (SAML) V2.0 …docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech...1 Introduction The Security Assertion Markup Language (SAML) standard defines

SAML Smackdown