Java: SAML simple example for beginners
Original URL: http://stackoverflow.com/questions/18801299/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
SAML simple example for beginners
Asked by user2779075
I am a beginner with the SAML v2.0 technology. I have the theoretical knowledge, but I didn't find any examples on Google. Can anybody provide me with a step-by-step example for simple "SAML for v2.0"?
- Up to now I've gone through the theory part, i.e., it supports single sign-on, and I have also understood the Service Provider and Identity Provider.
- Presently I am working in a Linux environment.
- I need a basic example, step by step, of how the request moves from user -> Identity Provider -> Service Provider, and how to configure the environment.
- Is it possible to execute the example for SAML v2.0?
- Is there any chance to execute a SAML example in the Java language? If it is possible, you can provide the example in Java also.
Answered by Stefan Rasmusson
Typical SSO with SAML is something called Web SSO Profile. There are many products supporting this on the market, for example OpenAM, Shibboleth, OpenSAML and Oracle Identity Federation. The specific configuration is dependent on what product you choose to use. A working example of OpenSAML that I use in my book is available here.
On a SAML level, the SP and IDP exchange metadata, which contains configuration information on how the SP and IDP want to communicate.
SSO is then done in four steps:
- SP sees that the user does not have an authenticated session.
- The SP redirects the user to the IDP with a SAML AuthnRequest as a URL parameter.
- The IDP authenticates the user and redirects it back to the SP with an artifact in a URL parameter.
- The SP exchanges the Artifact for an Assertion over SOAP using an ArtifactResolveRequest to the IDP.
If you want to code this yourself in Java, you can use OpenSAML. On my blog I have many examples on how to use it.
In my book, A Guide To OpenSAML, I write a lot about this.
EDIT: A new edition of the book is out, covering OpenSAML v3.
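The redirect in the second of the four steps above, as an added example that is not code from either answer or from OpenSAML: it builds an AuthnRequest, encodes it the way the SAML HTTP-Redirect binding does (raw DEFLATE, Base64, URL-encoding), and decodes it again as the IDP would. It uses only the JDK (Java 11 or later assumed); the URLs, the entity ID and the class name are hypothetical.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
import java.util.zip.*;

public class RedirectBindingDemo {
    // Hypothetical values; a real SP and IDP take them from the exchanged metadata.
    static final String IDP_SSO_URL = "https://idp.example.org/sso";
    static final String SP_ENTITY_ID = "https://sp.example.com/metadata";
    static final String SP_ACS_URL = "https://sp.example.com/acs";

    static String buildAuthnRequest(String id) {
        return "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
            + " ID=\"" + id + "\" Version=\"2.0\" IssueInstant=\"" + Instant.now() + "\""
            + " ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\""
            + " AssertionConsumerServiceURL=\"" + SP_ACS_URL + "\">"
            + "<saml:Issuer>" + SP_ENTITY_ID + "</saml:Issuer></samlp:AuthnRequest>";
    }

    // SP side: raw DEFLATE (no zlib header), then Base64, then URL-encode.
    static String encode(String xml) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try (DeflaterOutputStream dos = new DeflaterOutputStream(out, raw)) {
            dos.write(xml.getBytes(StandardCharsets.UTF_8));
        } finally { raw.end(); }
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), StandardCharsets.UTF_8);
    }

    // IDP side: the reverse. The request is only compressed, not encrypted.
    static String decode(String param) throws IOException {
        byte[] deflated = Base64.getDecoder().decode(URLDecoder.decode(param, StandardCharsets.UTF_8));
        Inflater raw = new Inflater(true);
        try (InputStream in = new InflaterInputStream(new ByteArrayInputStream(deflated), raw)) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        } finally { raw.end(); }
    }

    public static void main(String[] args) throws IOException {
        String id = "_" + UUID.randomUUID(); // xs:ID cannot start with a digit; the SP keeps it to match InResponseTo
        String samlRequest = encode(buildAuthnRequest(id));
        System.out.println("302 Location: " + IDP_SSO_URL + "?SAMLRequest=" + samlRequest);
        System.out.println("IDP decodes:  " + decode(samlRequest));
    }
}
```

Because the parameter is only compressed and Base64-encoded, anything that records the URL (proxy logs, browser history) can read the request, so it should carry nothing sensitive.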
Answered by Vladimír Schäfer
You can simply follow steps in this manual, which will help you create a simple SAML 2.0 federation between a local Service Provider and a public Identity Provider.
Once you set this up you can use it to follow messages sent between IDP/SP and also as an example of a SAML component built with Java + OpenSAML + Spring.
There are also many other good sources of information on SAML, like Stefan's blog mentioned above.