zorlac
zorlac

Reputation: 75

Implementing a SAML 2.0 Service Provider using Spring Boot

I wanted to implement a Spring Boot SAML2.0 service provider. This service provider doesn't need to communicate to IDP as it will only receive an assertion object. My questions are:

  1. How can I implement a spring boot SAML2.0 service provider that only accept assertion objects. Get the principal information and redirect to a web application url with the information in the body?
  2. What is Assertion Consumer Service URL? How can I provide it with the created SP?

Thank you in advance.

Upvotes: 1

Views: 2366

Answers (2)

zorlac
zorlac

Reputation: 75

So, I solved my problem by creating a full SAML service provider using spring SAML extension. I was not knowledgeable with SAML service provider so I thought I could just create a code that would expose ACS URL and that's it. I configured the ACS url by setting up the SP base entity url and configured SAML Web SSO Processing filter.

Upvotes: 2

Bernhard Thalmayr
Bernhard Thalmayr

Reputation: 2744

If you only process a SAML Assertion, then you are not really implementing a SAMLv2 compliant Service Provider. A Service Provider does far more. Spring Security SAML extension is a Service Provider which could be used for your use case. The Assertion Consumer URL is configurable in Spring Boot configuration.

Upvotes: 1

Related Questions