11. Sample application

Spring SAML includes a sample application which demonstrates key capabilities of this product. For details on compilation and deployment of the sample application please see Chapter 4, Quick start guide.

A public demo of the sample application is available at saml-federation.appspot.com.

11.1 SAML login

The sample application demonstrates usage of IDP discovery, which is automatically invoked on access to the application root. Discovery presents a selection of all available Identity Providers and initiates SAML 2.0 single sign-on with the selected IDP after clicking on the "Start single sign-on" button.

After authentication at the IDP, the sample application displays information about the received and validated assertion, or displays errors encountered during validation.

Clicking the "Global Logout" or "Local Logout" button initiates the logout process as described in Section 9.3, “Logout process”.

11.2 Metadata administration

The sample application contains an administration UI which enables simple monitoring and administrative use-cases. You can access the UI by clicking on the "Metadata Administration" button.

The administration part is secured with the role ROLE_ADMIN and uses local authentication with the default username admin and password admin. As Spring Security allows only one authentication to be active at a time, authenticating to the administration UI removes any previous SAML authentication from the security context.

Metadata administration enables the following operations:

  • Displaying existing identity provider and service provider entities by clicking on their identifier. The information includes the content of the metadata and extended metadata for the entity.

  • Displaying existing metadata providers, with the possibility to remove them.

  • Refreshing all metadata providers by clicking on the "Refresh metadata" button.

  • Generating new metadata by clicking on "Generate new service provider metadata".

11.3 Metadata generation

The metadata generator allows dynamic creation of service provider metadata based on values provided in the UI. The metadata can be applied immediately to the currently running instance by setting the "Store for current session" option to "Yes".

Options available in the interface are discussed in Section 7.1.1, “Automatic metadata generation” and Section 7.3, “Extended metadata”. The generated values can be used as input for pre-configured metadata described in Section 7.1.2, “Pre-configured metadata”.