convert java webapp to use SAML2 authentication

Question

I'm having some problems trying to understand how to accomplish this task:

1) existing simple webapp with database authentication. (simple custom code)

2) convert simple webapp to use SAML2 authentication to an external IDP (such as google apps(?))

I believe the terms are to turn my webapp into a service provider (SP) for SAML2, register my SP with the IDP.

But I'm stuck on the very beginning, I was hoping to include apache shiro, or spring security, or picketlink with some stock configuration (say to google apps IDP) to at least get started, but I'm not seeing anything like that.

(it doesn't have to be google apps, just the only public IDP that is SAML2 that I'm aware of, other examples of free online IDP that use SAML2 that can be registered for dev/testing would be great (I do not want to setup/stuck spending all my time seeting up an IDP until I can confirm the apps can be ready))

Please help!

Answer 1

While you've find a number of custom code related solutions - if you have a customer accessing your application you could also check out PingOne APS. It's the first (and AFAIK only) SAML-as-a-Service for Cloud App providers. Just a RESTful API integration and it handles all the heavy SAML. [Note: I do work for Ping]

HTH - Ian

Answer 2

Basically you need to add a SAML stack to your java application.

You could use the Java Oracle OpenSSO Fedlet or the Spring Security - SAML Extension.