[ACCEPTED]-Web SSO using Java and SAML 2.0-saml
You can try the OpenSAML project; it provides a Java library 1 for creating and validating SAML tokens.
You could take a look at 2 products:
- JOSSO: http://www.josso.org
- OpenAM, which is a fork of Sun's OpenSSO since Oracle decided to kill it: http://forgerock.com/openam.html
Both 14 have a rather impressive features list and 13 offer a wide list of SSO agents.
The main 12 benefit of the agent approach is that you 11 don't have to care in your application about 10 the authentication process as it is handled 9 by the agent and the SSO infrastructure.
If 8 you're going to develop your own SAML2 Service 7 Provider, using OpenSAML is the way to go. The 6 downside is that this library is not that 5 well documented. Nevertheless you should 4 find easily some tutorials on OpenSAML on 3 the web.
You could implement it for example 2 as a servlet filter, so that your application 1 code is not tied to SAML.
Having recently implemented SAML authentication 8 for an application I found the most useful 7 information in the OASIS SAML2 technical 6 overview document. It's very readable and 5 contains real examples of the XML messages 4 that are passed.
Section 5.1 describes the 3 interaction of having YOUR application (service 2 provider or SP) request authentication to 1 a remote identity provider (Idp).
Providing more up to date answer since this 6 hasn't been visited in a while:
If you're 5 doing a spring project already I've had 4 success with Spring Security SAML. You do 3 not have to be securing your app with Spring 2 Security to use the SAML extension, though 1 it make it a bit easier.
More Related questions