Spring Security SAML Extension

Reference Documentation

Authors

Vladimír Schäfer

1.0.1.RELEASE


Table of Contents

I. Getting Started
1. Introduction
1.1. What this manual covers
1.2. When to use Spring Security SAML Extension
1.3. Features and supported profiles
1.4. Requirements
1.5. Source code
1.6. Builds
1.7. License
1.8. Issue tracking
1.9. Contributions
1.10. Commercial support
1.11. Community support
1.12. Dependencies
2. What's new
2.1. New features, improvements and fixes in 1.0.1.FINAL
2.2. New features, improvements and fixes in 1.0.0.FINAL
2.3. Important code changes in 1.0.0.FINAL
3. Glossary
4. Quick start guide
4.1. Pre-requisites
4.2. Installation steps
4.2.1. Downloading sample application
4.2.2. Configuration of IDP metadata
4.2.3. Generation of SP metadata
4.2.4. Compilation
4.2.5. Deployment
4.2.6. Uploading of SP metadata to the IDP
4.3. Testing single sign-on and single logout
II. Configuring SAML Extension
5. Overview
6. Integration to applications
6.1. Maven dependency
6.2. Bean definitions
6.3. Java-based configuration
6.4. Spring Security integration
6.5. Error handling
6.6. Logging
7. Metadata configuration
7.1. Service provider metadata
7.1.1. Automatic metadata generation
7.1.2. Pre-configured metadata
7.1.3. Downloading metadata
7.2. Identity provider metadata
7.2.1. File-based metadata provider
7.2.2. HTTP-based metadata provider
7.2.3. HTTP-based metadata provider with SSL
7.2.4. Metadata signature verification
7.3. Extended metadata
7.4. Multi-tenancy and entity alias
8. Security configuration
8.1. Key management
8.1.1. Sample JKS keystore
8.1.2. Generating and importing private keys
8.1.3. Importing public keys
8.1.4. Loading SSL/TLS certificates
8.2. Security profiles
8.2.1. Metadata interoperability profile (MetaIOP)
8.2.2. PKIX profile
8.2.3. Custom profile
8.3. Hostname verification for HTTPS connections
9. Single sign-on configuration
9.1. IDP selection and discovery
9.2. Single sign-on process
9.2.1. Service provider initialized SSO
9.2.2. Identity provider initialized SSO
9.3. Logout process
9.3.1. Local logout
9.3.2. Global logout
9.4. Authentication object
9.5. Authentication assertion
9.6. Authentication log
10. Advanced configuration
10.1. Reverse proxies and load balancers
10.2. Context provider
10.3. Validity intervals
10.4. Enhanced client/proxy
10.5. Endpoint URLs
10.6. Artifact resolution
III. Sample application
11. Sample application
11.1. SAML login
11.2. Metadata administration
11.3. Metadata generation
IV. Integration guide
12. Integrating Identity Providers
12.1. Active Directory Federation Services 2.0 (AD FS)
12.1.1. Initialize IDP metadata
12.1.2. Initialize SP metadata
12.1.3. Test SSO
12.2. Okta
12.2.1. Deploy Spring SAML sample application
12.2.2. Configure Okta
12.2.3. Import Okta metadata to Spring SAML
12.2.4. Test SSO
13. Troubleshooting common problems