- Single Sign on for Java/J2ee based Web applications
- Single sign on using Spring Security SAML Extension and Role based authentication using Spring Security
- Single sign on Java
- Single sign on for JSF based web application.
Before getting in to the details of why we need OpenAM lets know some terminologies.I will describe them in my own words as those technical jargon's took me a while to catch up.
Eg: Say your web application (SP) is at www.xyz.com/shopnow and your identity provider url is www.myidp.com/openam then you need to add both these urls to one circle of trust in OpenAM.
There could be a situation where you may have to integrate more than one IDP to your SP in that case you need to have another instance of OpenAM that can act like IDP proxy.
So your configuration will look like
SP (Your Java Web app or Generated Fedlet) <===> IDP Proxy (openam) <=====> (IDP1, IDP2.....)
IDPProxy is an OpenAM instance
IDP1, IDP2- Are Identity providers which can be OpenAM or any SAML2 Complaint IDPs.
I have seen in openam wiki where they have given an example to install 3 instances of openam so that one is IDP, other is Proxy and 3rd openam instance as SP. That is way complex.
For simple scenario you need just one openam instance which acts as IDP and generate a Fedlet and that will act as SP.For just SP you don't need another openam instance. Also consider using proxy only if you are integrating with more than one IDP so that the SP can talk to proxy and need not worry about multiple IDP's. Here your proxy is acting like a Facade and hides complexity of multiple IDP's
So for simple scenario it will look like
SP (Your Java Web app or Openam generated Fedlet client) <===> IDP (openam)
Here SP should be able to send and receive SAML requests/responses.
Here is link for some sample saml request and responses.
Don't panic you will not create this xml OpenAM, Spring Saml extension or Fedlet does the job for you.
In the next article I will explain how to install OpenAM as IDP and how you can plugin Spring SAML extension and Spring Security to you web app to talk to OpenAM and trouble shooting.
I have a added new article on how to intgerate a Java based web applications with openam for single sign on . The application can be a JSP or Struts or JSF based web app.
All can use this tutorial.
If you like my articles or have any suggestions please leave a comment.