Saturday, April 18, 2015

URL format for Spring Security SAML extension

When accessing the login URL of a Spring Security SAML based application, you can use the following syntax:

https://fqdn-server/context-path/saml/login/alias/url-encoded-sp-alias-name?idp=url-encoded-idp-entity-id
  • url-encoded-sp-alias-name is the URL-encoded alias name of the desired Service Provider (the value of <property name="alias" value="sp-alias-name"/>)
  • url-encoded-idp-entity-id is the URL-encoded entityID value as defined in the IDP metadata (<EntityDescriptor entityID="http://idp.ssocircle.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">), http%3A%2F%2Fidp.ssocircle.com in our case

There are at least two scenarios when this feature can be useful:

  • Having a single application for multiple companies, each one having its own internal IDP implementation (each user will access the application through a specific URL containing the appropriate IDP as a query parameter)
  • Having a single configuration/single IDP but multiple deployment environments (like development, test, production); different SP aliases will be used to access a specific environment
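The multi-tenant scenario above, as an added example that is not part of the original post: it builds the login URL for each tenant with the alias and entityID fully percent-encoded, then parses a link back and checks that the alias is paired with the IDP configured for it. The tenant names, the `globex` values and all function names are assumptions made for illustration; only the ssocircle entityID comes from the post.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed sample mapping: tenant -> (SP alias, IdP entityID). Only the
# ssocircle entityID appears in the post; everything else is hypothetical.
TENANTS = {
    "acme": ("acme-prod", "http://idp.ssocircle.com"),
    "globex": ("globex test", "https://idp.globex.example/saml?tenant=1&v=2"),
}
MARKER = "/saml/login/alias/"


def build_login_url(base: str, tenant: str) -> str:
    """Build the login URL; safe='' also encodes '/', ':', '?', '&' and '='."""
    alias, idp = TENANTS[tenant]
    return (f"{base.rstrip('/')}{MARKER}{quote(alias, safe='')}"
            f"?idp={quote(idp, safe='')}")


def parse_login_url(url: str) -> tuple[str, str]:
    """Return the decoded (alias, idp) pair, rejecting malformed links."""
    parts = urlsplit(url)
    _, found, alias_enc = parts.path.partition(MARKER)
    if not found or not alias_enc or "/" in alias_enc:
        raise ValueError("alias path segment missing or not a single segment")
    idp_values = parse_qs(parts.query).get("idp", [])
    if len(idp_values) != 1:
        raise ValueError("expected exactly one idp query parameter")
    return unquote(alias_enc), idp_values[0]


def is_configured_pair(url: str) -> bool:
    """True only if the link pairs an alias with the IdP configured for it."""
    try:
        return parse_login_url(url) in TENANTS.values()
    except ValueError:
        return False


if __name__ == "__main__":
    for name in TENANTS:
        link = build_login_url("https://fqdn-server/context-path", name)
        print(link, is_configured_pair(link))
```

An entityID that itself contains `?` or `&` is truncated at the first `&` when it is left unencoded, which is why the query value is encoded with `safe=''` rather than passed through as-is.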