Spring Security SAML Extension

Reference Documentation

Authors

Vladimír Schäfer

1.0.0.RC3-SNAPSHOT


Table of Contents

I. Getting Started
1. Introduction
1.1. What this manual covers
1.2. When to use Spring Security SAML Extension
1.3. Features and supported profiles
1.4. Requirements
1.5. Source code
1.6. Builds
1.7. License
1.8. Support
2. Glossary
3. Quick start guide
3.1. Pre-requisites
3.2. Installation steps
3.2.1. Compilation of the module
3.2.2. Configuration of IDP metadata
3.2.3. Generation of SP metadata
3.2.4. Deployment
3.2.5. Uploading of SP metadata to the IDP
3.3. Testing single sign-on and single logout
II. Configuring SSO with SAML
4. Configuration and integration
4.1. Overview
4.2. Integration to applications
4.2.1. Maven dependency
4.2.2. Bean definitions
4.2.3. Spring Security integration
4.3. Metadata configuration
4.3.1. Service provider metadata
Automatic metadata generation
Pre-configured metadata
Downloading metadata
4.3.2. Identity provider metadata
File-based metadata provider
HTTP-based metadata provider
Metadata signature verification
4.3.3. Extended metadata
4.4. Entity alias
4.5. Key management
4.5.1. Sample keystore
4.5.2. Generating and importing private keys
4.5.3. Importing public keys
4.5.4. Loading SSL/TLS certificates
4.6. Security profiles
4.6.1. Metadata interoperability profile (MetaIOP)
4.6.2. PKIX profile
4.6.3. Custom profile
4.7. Hostname verification for HTTPS connections
4.8. Reverse proxies and load balancers
4.9. IDP selection and discovery
4.10. Single sign-on process
4.11. Logout process
4.11.1. Local logout
4.11.2. Global logout
4.12. Authentication object
4.13. Authentication log
4.14. Context provider
4.15. Error handling
4.16. Validity intervals
4.17. Enhanced client/proxy
5. Administration user interface
6. IDP integration guide
6.1. Active Directory Federation Services 2.0 (AD FS)
6.1.1. Initialize IDP metadata
6.1.2. Initialize SP metadata
6.1.3. Test SSO
7. Troubleshooting
7.1. Logging
7.2. Common problems
A. Configuration reference
A.1. Extended metadata
A.2. Web SSO profile options
A.3. Time check reference