Spring Security SAML Extension

Reference Documentation

Authors

Vladimír Schäfer

1.0.0.RC3-SNAPSHOT


Table of Contents

I. Getting Started
1. Introduction
1.1. What this manual covers
1.2. When to use Spring Security SAML Extension
1.3. Features and supported profiles
1.4. Requirements
1.5. Source code
1.6. Builds
1.7. License
1.8. Issue tracking
1.9. Contributions
1.10. Commercial support
1.11. Community support
2. Glossary
3. Quick start guide
3.1. Pre-requisites
3.2. Installation steps
3.2.1. Compilation of the module
3.2.2. Configuration of IDP metadata
3.2.3. Generation of SP metadata
3.2.4. Deployment
3.2.5. Uploading of SP metadata to the IDP
3.3. Testing single sign-on and single logout
II. Configuring SAML Extension
4. Overview
5. Integration to applications
5.1. Maven dependency
5.2. Bean definitions
5.3. Spring Security integration
5.4. Error handling
5.5. Logging
6. Metadata configuration
6.1. Service provider metadata
6.1.1. Automatic metadata generation
6.1.2. Pre-configured metadata
6.1.3. Downloading metadata
6.2. Identity provider metadata
6.2.1. File-based metadata provider
6.2.2. HTTP-based metadata provider
6.2.3. HTTP-based metadata provider with SSL
6.2.4. Metadata signature verification
6.3. Extended metadata
6.4. Multi-tenancy and Entity alias
7. Security configuration
7.1. Key management
7.1.1. Sample keystore
7.1.2. Generating and importing private keys
7.1.3. Importing public keys
7.1.4. Loading SSL/TLS certificates
7.2. Security profiles
7.2.1. Metadata interoperability profile (MetaIOP)
7.2.2. PKIX profile
7.2.3. Custom profile
7.3. Hostname verification for HTTPS connections
8. Single sign-on configuration
8.1. IDP selection and discovery
8.2. Single sign-on process
8.2.1. Service provider initialized SSO
8.2.2. Identity provider initialized SSO
8.3. Logout process
8.3.1. Local logout
8.3.2. Global logout
8.4. Authentication object
8.5. Authentication log
9. Advanced configuration
9.1. Reverse proxies and load balancers
9.2. Context provider
9.3. Validity intervals
9.4. Enhanced client/proxy
III. Administration user interface
10. Administration user interface
IV. IDP integration guide
11. Active Directory Federation Services 2.0 (AD FS)
11.1. Initialize IDP metadata
11.2. Initialize SP metadata
11.3. Test SSO
12. Troubleshooting common problems