Versions Compared

...

Central AUTH Application Side

...

  1. Set the required SAML properties using the information obtained from the Azure provider

    1. Related to SAML info

      1. Update the details below according to your own credentials

    2. Code Block
      #NeededToUpdate : Saml info update Start
      # SP entity id: the Azure application identifier (spn:<application id>)
      auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      # IdP entity id: the issuer of the Azure AD tenant
      auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
      # alias used to build the SP paths
      auth.alias=ps-ad
      # federation metadata document of this application; referenced as providers[0].metadata below
      auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
      #NeededToUpdate : Saml info update End
    3. SAML 2 configuration, using the same values as the properties above

      Code Block
      spring.security.saml2.serviceProvider.alias=${auth.alias}
      spring.security.saml2.serviceProvider.signMetadata=false
      spring.security.saml2.serviceProvider.signRequests=false
      spring.security.saml2.serviceProvider.encryptAssertions=false
      spring.security.saml2.serviceProvider.singleLogoutEnabled=true
      # assertions received from the IdP must carry a valid signature
      spring.security.saml2.serviceProvider.wantAssertionsSigned=true
      spring.security.saml2.serviceProvider.entityId=${auth.holdingEntityId}
      spring.security.saml2.serviceProvider.basePath=${auth.baseUrl}${server.servlet.context-path}
      spring.security.saml2.serviceProvider.nameIds=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      spring.security.saml2.serviceProvider.keys.active.name=sp-signing-key-1
      spring.security.saml2.serviceProvider.providers[0].alias=${auth.alias}
      # skipSslValidation=true disables TLS certificate checks when fetching the IdP metadata below
      spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
      spring.security.saml2.serviceProvider.providers[0].metadata=${auth.samlLoginUrl}
      spring.security.saml2.serviceProvider.providers[0].authenticationRequestBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
      
      # 604800000 ms = 7 days: oldest IdP authentication accepted in an assertion
      auth.samlMaxAuthenticationAgeMillis=604800000
      auth.nameId=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      auth.logoutEmailQueryParam=email
      # callback and redirect URLs, built from auth.baseUrl / auth.baseUiUrl and the context path
      auth.loginCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/discovery?idp=${auth.assertingEntityId}
      auth.logoutCallback=${auth.baseUrl}${server.servlet.context-path}/saml/sp/logout?${auth.logoutEmailQueryParam}=%s
      auth.defaultRedirectToAfterLogout=${auth.baseUrl}${server.servlet.context-path}/hello
      auth.defaultRedirectToAfterLogin=${auth.baseUiUrl}/login/status
      auth.loginSuccessPageFormat=${auth.baseUiUrl}/status?authToken=%s
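The properties above contain several settings worth checking before deployment (skipSslValidation, signRequests, wantAssertionsSigned, the 7-day authentication age, and whether the three Azure identifiers agree with each other). The following stand-alone Python script is an added example, not code from this page or the project: it reads a properties file in the format shown above and reports those findings. The sample values are copied from the page, and the 8-hour authentication-age limit is an assumed local policy.

```python
from urllib.parse import parse_qs, urlparse

# Constructed sample: the values from the properties above, not live credentials.
SAMPLE = """\
auth.holdingEntityId=spn:a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
auth.assertingEntityId=https://sts.windows.net/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/
auth.samlLoginUrl=https://login.microsoftonline.com/j52c9ea1-7c21-47b1-82a3-33a74b1f9832/federationmetadata/2007-06/federationmetadata.xml?appid=a74f37bd-de4d-4eb1-954d-445a2ca2a6e8
spring.security.saml2.serviceProvider.signRequests=false
spring.security.saml2.serviceProvider.wantAssertionsSigned=true
spring.security.saml2.serviceProvider.providers[0].skipSslValidation=true
auth.samlMaxAuthenticationAgeMillis=604800000
"""
SP = "spring.security.saml2.serviceProvider."
MAX_AUTH_AGE_MS = 8 * 60 * 60 * 1000  # assumed local policy: accept IdP logins up to 8h old


def load_properties(text):
    """Minimal java.util.Properties-style reader: key=value lines, '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_saml_properties(props):
    """Return a list of findings for the SP configuration; an empty list means all checks passed."""
    findings = []
    if props.get(SP + "providers[0].skipSslValidation") == "true":
        findings.append("skipSslValidation=true: IdP metadata (and its signing cert) is fetched without TLS validation")
    if props.get(SP + "wantAssertionsSigned") != "true":
        findings.append("wantAssertionsSigned is not true: unsigned assertions would be accepted")
    if props.get(SP + "signRequests") != "true":
        findings.append("signRequests is not true: AuthnRequests leave the SP unsigned")
    age_ms = int(props.get("auth.samlMaxAuthenticationAgeMillis", "0"))
    if age_ms > MAX_AUTH_AGE_MS:
        findings.append(f"samlMaxAuthenticationAgeMillis={age_ms}: IdP logins older than {MAX_AUTH_AGE_MS // 3600000}h are accepted")
    # Cross-check the Azure identifiers: the tenant GUID in the IdP entity id must match the
    # metadata URL, and the metadata URL's appid must match the SP entity id (spn:<appid>).
    tenant = props["auth.assertingEntityId"].rstrip("/").rsplit("/", 1)[-1]
    url = urlparse(props["auth.samlLoginUrl"])
    if url.path.strip("/").split("/")[0] != tenant:
        findings.append("tenant in samlLoginUrl does not match assertingEntityId")
    appid = parse_qs(url.query).get("appid", [""])[0]
    if props["auth.holdingEntityId"] != "spn:" + appid:
        findings.append("appid in samlLoginUrl does not match holdingEntityId")
    return findings
```

Run against the page's values it reports three findings (skipSslValidation, signRequests and the 7-day age) and confirms the identifiers are consistent; with skipSslValidation=false, signRequests=true and an 8-hour age it reports none.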

...

The project uses the following SAML dependencies

Code Block
<dependency>
   <groupId>org.springframework.security.extensions</groupId>
   <artifactId>spring-security-saml2-core</artifactId>
   <version>2.0.0.M31</version>
</dependency>
<dependency>
   <groupId>org.opensaml</groupId>
   <artifactId>opensaml-saml-impl</artifactId>
   <version>3.2.0</version>
</dependency>

...

SAML login from the UI: the user is redirected to the Microsoft login page, which validates the username and password itself; the SAML response is then posted to the endpoint configured in the properties file, and the application returns to the callback URL.

...

Parse SAML XML response