Spring Boot-based sample Service Provider by using Spring Security SAML extension 
References
Spring Boot
Spring Boot makes it easy to create Spring-powered, production-grade applications and services with absolute minimum fuss. It takes an opinionated view of the Spring platform so that new and existing users can quickly get to the bits they need.
Spring Security SAML Extension
Spring SAML Extension allows seamless inclusion of SAML 2.0 Service Provider capabilities in Spring applications. All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS 2.0, Shibboleth, OpenAM/OpenSSO, Ping Federate, Okta) can be used to connect with Spring SAML Extension.
Project description
Currently Spring Security SAML module doesn't provide a starter for Spring Boot. Moreover, its configuration is XML-based as of this writing. The aim of this project is to explain how to develop a Service Provider (SP) which uses Spring Boot (1.4.0.RELEASE) and Spring Security SAML Extension (1.0.2.RELEASE), by defining an annotation-based configuration (Java Configuration). Thymeleaf is also used as template engine.
SSOCircle (ssocircle.com) is used as public Identity Provider for test purpose.
- Author: Vincenzo De Notaris (dev@vdenotaris.com)
- Website: vdenotaris.com
- Version:
1.4.0.RELEASE - Date: 2016-09-09
Thanks to Vladimír Schäfer (github.com/vschafer) for supporting my work.
Unit tests
I would like to say thank you to Alexey Syrtsev (github.com/airleks) for his contribution on unit tests.
| Metric | Result |
|---|---|
| Coverage % | 99% |
| Lines Covered | 196 |
| Total Lines | 199 |
Useful notes
-
Sometimes SSO Circle could display you an error during the authenticaton process. In this case, please update your federation metadata directly on https://idp.ssocircle.com:
Manage Metadata > Service Provider Metadata
Remove the current record and add a new one, using your FQDN and providing a new copy of your metadata: your can retrieve them at http://localhost:8080/saml/metadata.
-
When the project version corresponds with the Spring Boot parent version, Maven may give you a warning as follows:
Version is duplicate of parent version.
Actually there is nothing wrong with the used configuration, thus you can just ignore that message.
###License
Copyright 2016 Vincenzo De Notaris
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.