tjholmes66

Reputation: 1998

OpenAM and Spring Security 4 Integration

I am building a Spring-MVC-Hibernate back-end with dozens of RESTful web-services. The front-end will probably be an HTML5, CSS3, and jQuery web-app that utilizes the back-end web-services I am developing.

We have an OpenAM 10.x SSO system on a Tomcat server, and we want to use that for authentication; there are no authorization rules or groups in there. All the documentation I have seen has been with an unknown version of OpenAM and Spring Security 3. We have OpenAM 10.x with no known time to upgrade to the latest OpenAM. We plan on using Spring Security 4.0.3, which is the latest at this time.

1) One way we can do this is to establish a Circle of Trust, then establish an IDP and an SP, and then we'll have a URL in order to do Federated SSO. I believe this is how our front-end will get authentication and get a token returned to the front-end, which may be stored as a cookie.

2) Another way I have seen this done is to simply call the OpenAM RESTful API, pass in a username and password, and get a token. That token will then be passed into the back-end RESTful APIs for security.

We will definitely be using Spring Security for Users, Roles, and Permissions (authorization), so can we do this? Use Spring Security 4.0.3 for users, roles, and permissions, but use OpenAM for authentication?

Any information would be very helpful. Thanks!

Upvotes: 1

Views: 4346
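The second option described in the question, worked through as an added example (this is not the asker's code): the front-end holds a token it obtained from OpenAM and sends it on every REST call, a Spring Security pre-authenticated filter asks OpenAM whether that token is still a live session and which uid it belongs to, and roles and permissions are then loaded from the application's own user store. Everything concrete here is assumed: OpenAM 10.x at `https://openam.example.com/openam` exposing the legacy identity REST endpoints `/identity/isTokenValid` and `/identity/attributes`, a request header named `X-OpenAM-Token` (a name chosen for this example, not an OpenAM convention), and a `UserDetailsService` bean called `appUsers` that is the application's users/roles table keyed by the OpenAM uid.

```java
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.web.authentication.preauth.*;
import org.springframework.util.*;
import org.springframework.web.client.RestTemplate;

/** Sets the principal only after OpenAM confirms the token in the request header is a live session. */
class OpenAmTokenFilter extends AbstractPreAuthenticatedProcessingFilter {
    static final String OPENAM = "https://openam.example.com/openam"; // assumed deployment URL
    static final String TOKEN_HEADER = "X-OpenAM-Token";              // header name chosen here, not by OpenAM
    private final RestTemplate rest = new RestTemplate();

    /** Returns the OpenAM uid, or null (request stays anonymous) when the token is absent or dead. */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest req) {
        String token = req.getHeader(TOKEN_HEADER);
        if (token == null || token.isEmpty()) return null;
        // POST the token in the body, not the query string, so it does not end up in access logs.
        MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
        form.add("tokenid", token);
        String reply = rest.postForObject(OPENAM + "/identity/isTokenValid", form, String.class);
        if (reply == null || !"boolean=true".equals(reply.trim())) return null; // "boolean=false" for a dead token
        form = new LinkedMultiValueMap<String, String>();
        form.add("subjectid", token);
        form.add("attributes_names", "uid");
        return uidFrom(rest.postForObject(OPENAM + "/identity/attributes", form, String.class));
    }

    /** Pulls the uid out of OpenAM's line-oriented attributes reply (a name line followed by a value line). */
    static String uidFrom(String attrs) {
        if (attrs == null) return null;
        String[] lines = attrs.split("\n");
        for (int i = 0; i + 1 < lines.length; i++) {
            if ("userdetails.attribute.name=uid".equals(lines[i].trim())
                    && lines[i + 1].trim().startsWith("userdetails.attribute.value=")) {
                return lines[i + 1].trim().substring("userdetails.attribute.value=".length());
            }
        }
        return null;
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest req) {
        return req.getHeader(TOKEN_HEADER);
    }
}

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService appUsers; // the application's own users/roles/permissions, keyed by uid

    @Bean
    public PreAuthenticatedAuthenticationProvider openAmProvider() {
        PreAuthenticatedAuthenticationProvider p = new PreAuthenticatedAuthenticationProvider();
        // A uid OpenAM vouches for but that has no row in appUsers is rejected (UsernameNotFoundException).
        p.setPreAuthenticatedUserDetailsService(
                new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(appUsers));
        return p;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(openAmProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        OpenAmTokenFilter filter = new OpenAmTokenFilter();
        filter.setAuthenticationManager(authenticationManager());
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // token on every call
            .and().csrf().disable()  // no session cookie to ride, so no CSRF token; keep CSRF on if you use a cookie
            .addFilter(filter)
            .authorizeRequests()
                .antMatchers("/api/admin/**").hasRole("ADMIN")  // authorization from appUsers, not OpenAM
                .antMatchers("/api/**").authenticated();
    }
}
```

Two points worth checking against your own deployment before relying on this: the exact reply format of the identity endpoints (the `boolean=` and `userdetails.attribute.*` lines above are how OpenAM 10.x's legacy REST interface answers, but confirm with a curl), and what you want to happen when OpenAM itself is unreachable, since `RestTemplate` will throw and the request will fail with a 500 rather than a 401 unless you catch `RestClientException` in the filter. If the front-end keeps the token in a cookie rather than a header, the request is again riding ambient credentials, so leave CSRF protection enabled in that case.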

Answers (1)

gazal

Reputation: 322

We've been doing something similar with one of our applications. We started by using OpenAM 12 and we're now using OpenAM 13 SNAPSHOT.

We've been integrating using OpenID Connect though, not SAML. This was a good starting point for us: https://github.com/fromi/spring-google-openidconnect.

We used the default header/basic scheme in OAuth2ProtectedResourceDetails as opposed to form as in the sample.

On OpenAM, you'll have to configure an OpenID Connect Provider. Steps in OpenAM 13:

  1. Login as amAdmin.
  2. Select the realm.
  3. The landing page (Dashboard/Realm Overview) will list common tasks.
  4. Choose Configure 'OAuth Provider', then 'Configure OpenID Connect'.
  5. Choose default values and click create.

Then you'll have to add an agent/client. Steps in OpenAM 13:

  1. From within the realm configuration page, choose agents.
  2. Select OAuth 2.0/OpenID Connect Client.
  3. Click on the New button, enter client_id and client_secret values and create the agent.
  4. Click on the newly created agent to further configure parameters such as redirect_uri, scopes etc.

If you cannot choose OpenAM 12 or 13 and are stuck with OpenAM 10, this information may not be useful.

Upvotes: 2
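An added example of the Spring side of the setup this answer describes (it is not code from the answer or from the linked fromi/spring-google-openidconnect repository): an `AuthorizationCodeResourceDetails` pointed at the OpenAM OpenID Connect provider configured above, with client authentication left on the default `header` scheme rather than `form`, and a processing filter that completes the code exchange and then verifies the returned `id_token` before anyone is logged in. Assumptions: spring-security-oauth2 2.0.x with spring-security-jwt and Jackson on the classpath; OpenAM at `https://openam.example.com/openam` serving its top-level realm, whose OAuth2/OIDC endpoints live under `/oauth2`; an agent registered as above with client_id `spring-app`, client_secret `change-me` and redirect_uri `http://localhost:8080/login`; and the provider left on its default id_token signing algorithm, taken here to be HS256 keyed with the client secret. The `iss` value is likewise an assumption to be checked against the provider's `.well-known/openid-configuration` document.

```java
import java.util.*;
import javax.servlet.http.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.jwt.*;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.*;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

class OpenAmOidcFilter extends AbstractAuthenticationProcessingFilter {
    private final OAuth2RestTemplate restTemplate;
    private final MacSigner verifier; // HS256 keyed with client_secret, OpenAM's default id_token signing (assumed)
    private final String clientId, issuer;

    OpenAmOidcFilter(String path, OAuth2RestTemplate rt, String clientId, String clientSecret, String issuer) {
        super(path);
        this.restTemplate = rt;
        this.clientId = clientId;
        this.issuer = issuer;
        this.verifier = new MacSigner(clientSecret);
        // The id_token checks in attemptAuthentication decide the outcome; no further provider step is needed.
        setAuthenticationManager(new AuthenticationManager() { public Authentication authenticate(Authentication a) { return a; } });
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
        OAuth2AccessToken token;
        try {
            // First visit: throws UserRedirectRequiredException, which OAuth2ClientContextFilter turns into a
            // redirect to OpenAM's authorize endpoint. On return with ?code=..., exchanges the code for tokens.
            token = restTemplate.getAccessToken();
        } catch (OAuth2Exception e) {
            throw new BadCredentialsException("Token exchange with OpenAM failed", e);
        }
        Object idToken = token.getAdditionalInformation().get("id_token");
        if (idToken == null) throw new BadCredentialsException("No id_token in response; is scope 'openid' set?");
        Map<?, ?> claims;
        try {
            Jwt jwt = JwtHelper.decodeAndVerify(idToken.toString(), verifier); // rejects altered or forged tokens
            claims = new ObjectMapper().readValue(jwt.getClaims(), Map.class);
        } catch (Exception e) {
            throw new BadCredentialsException("id_token signature or format invalid", e);
        }
        // OpenID Connect Core 3.1.3.7: issuer, audience and expiry must check out before the subject is trusted.
        Object aud = claims.get("aud"), exp = claims.get("exp");
        boolean audOk = aud instanceof List ? ((List<?>) aud).contains(clientId) : clientId.equals(aud);
        boolean expOk = exp instanceof Number && ((Number) exp).longValue() > System.currentTimeMillis() / 1000;
        if (!issuer.equals(claims.get("iss")) || !audOk || !expOk) {
            throw new BadCredentialsException("id_token iss/aud/exp check failed");
        }
        // Authorities belong in the application's own user store; ROLE_USER is only a placeholder here.
        return new UsernamePasswordAuthenticationToken(claims.get("sub"), null, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class OpenAmOidcConfig extends WebSecurityConfigurerAdapter {
    static final String OPENAM = "https://openam.example.com/openam"; // assumed deployment URL, top-level realm
    static final String CLIENT_ID = "spring-app", CLIENT_SECRET = "change-me"; // as registered in the agent
    static final String ISSUER = OPENAM + "/oauth2"; // assumed; confirm via OPENAM + "/oauth2/.well-known/openid-configuration"

    @Autowired private OAuth2ClientContext oauth2ClientContext; // session-scoped proxy registered by @EnableOAuth2Client

    @Bean
    public OAuth2RestTemplate openAmRestTemplate() {
        AuthorizationCodeResourceDetails d = new AuthorizationCodeResourceDetails();
        d.setClientId(CLIENT_ID);
        d.setClientSecret(CLIENT_SECRET);
        d.setUserAuthorizationUri(OPENAM + "/oauth2/authorize");
        d.setAccessTokenUri(OPENAM + "/oauth2/access_token");
        d.setScope(Arrays.asList("openid", "profile"));
        d.setPreEstablishedRedirectUri("http://localhost:8080/login"); // must equal the agent's redirect_uri
        d.setUseCurrentUri(false);
        // 'header' sends client_id:client_secret as HTTP Basic on the token request (the default);
        // 'form', which the Google sample uses, puts them in the POST body instead.
        d.setClientAuthenticationScheme(AuthenticationScheme.header);
        return new OAuth2RestTemplate(d, oauth2ClientContext);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        OpenAmOidcFilter oidc = new OpenAmOidcFilter("/login", openAmRestTemplate(), CLIENT_ID, CLIENT_SECRET, ISSUER);
        http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterAfter(oidc, OAuth2ClientContextFilter.class)
            .authorizeRequests().anyRequest().authenticated()
            .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
    }
}
```

The point of `decodeAndVerify` rather than a plain decode is that the id_token is the only thing telling the application who logged in, so its signature, issuer, audience and expiry have to be checked before `sub` is trusted; if your provider is configured for RS256 instead of HS256, swap the `MacSigner` for an `RsaVerifier` built from the key published at the provider's JWKS endpoint. For a sub-realm, the authorize, access_token and issuer values differ from the top-level ones used here, and the realm's own `.well-known/openid-configuration` is the place to read them from. Authorization stays where the question wants it: look `sub` up in the application's own user store and attach its roles to the returned `Authentication` instead of the placeholder `ROLE_USER`.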
