Reputation: 1946
Authenticate using SAML-based Basic Authentication?
I have a use case where a web application needs to let users authenticate in two different ways but using the same user data store (aka IDP) via SAML.
- User's browser is redirected to IDP and redirected back with SAML assertion (aka WebSSO Profile).
- User makes request to SP providing their credentials via Basic Authentication. SP would then need to send the user's credentials to the IDP and the IDP would provide an assertion all through a back channel (server to server).
I'm using Spring Security SAML extension. The sample application in Spring SAML contains both basic authentication with username and password and SAML-based authentication but the Basic Auth portion uses local accounts defined in the securityContext.xml file. I need to use the user accounts on the IDP. Is this possible? If so, how do I configure Spring SAML?
Upvotes: 2
Views: 2925
Answers (1)
Reputation: 15533
There is no standard SAML WebSSO mechanism which would allow SP to request assertion for a specific user by providing her credentials. You might want to look into WS-Trust standard which covers such use-cases using its Request security token methods (RST/RSTR calls). Another quite standardized way to do this is Client Credentials grant of OAuth 2.0. Both are out of scope for Spring SAML, but can be combined with it.
Upvotes: 3
Related Questions
- SAML2 Authentication with authorization based on SAML assertions
- Spring SAML Security Integration with Spring Web application
- Spring - How to implement Single Sign-On with SAML 2.0
- SAML Configuration
- Authentication using SAML in spring boot
- SPRING SAML Authentication not working
- how to configure both spring security basic authentication and SAML authentication using spring-sample example within same application
- Spring Security SAML Implementation
- Spring Security using SAML 1.1
- convert java webapp to use SAML2 authentication