Spring Security integration with WSO2 Identity Server - spring-security

Does Spring Security integrates with WSO2 Identity Server? If yes, then is there any sample or tutorial available for this?

Did you had any luck?? If so, could you point me in the right direction?
I'm researching on the same topic, you should take a lookt at:
Spring Security Extensions
Spring Security Extensions Git Web Interface
You could use either SAML2 or Kerberos to authenticate against WSO2 Identity Server, although I have not tested this yet, but should work.

If this is related Spring Security OAuth2 Integration with WSO2 IS.
Actually, there are 2 different ways to integrate Spring OAuth with WSO2 Identity Server:
using the WSO2 IS admin web services like OAuthAdminService, OAuth2TokenValidationService
sharing the database (not recommended, your application shouldn't have access to the identity provider database)
It's quite easy to integrate Spring OAuth with WSO2 Identity Server, of course, you could reimplement all TokenStore methods or the DefaultTokenServices to provide even more functionality and make the integration as transparent as you like but this sample is meant to show the very first steps.
You can refer the below blog https://www.yenlo.com/blog/wso2-spring-oauth2-integration-with-identity-server

Related

Java Spring Application - Integration with Azure AD for SSO

I have a Java Spring MVC application (note that its not spring boot).
We have a requirement to implement SSO for the users of our application. I did some research, the identity provider (IDP) in our case is Azure AD. The service provider would be my application in this case. I am thinking of using SAML protocol for SSO.
Also note - The application is http based (not HTTPS)
What I've done so far -
I've created an Enterprise Application on Azure and configured entityId and replyURL. I also added a user for this application.
Where I'm stuck -
Although I did read the related Spring documentation to achieve this, since I'm a newbie here, I still don't have a clear path as to how can I take this forward in my application. I found some solutions, they seem to be examples for spring boot. Can someone please help me with guides as to how this can be done in Java Spring? Which maven dependency I could use and any sample example to start working with SAML? A step by step explanation would be highly appreciated, thankyou.
Also, any other options than SAML would also be fine.
The Spring Security SAML extension (https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/index.html) had an example web app. You may read the referenced doc and apply it to Spring Security SAML. It should not be too much difference.
I’m very glad to register the flow in the event of implementing Azure AD B2C OIDC/OAuth protocol with existing Spring MVC architecture.
Below Spring docs reveal that how was our existing project's spring-security layer being served in the context of filter-chain.
Pre-requisites
Authentication Filter - Form Based Login with Legacy IDP
Authentication Manager – Providing the user details authorities along with http session object
For accomplishing this Azure B2C Integration, we've gone thro' lot of repos but most of them are relying with Java config based but we were interested on Spring namespace with limited code/architectural change.
Then finally we came to the conclusion that how to extend the spring default auth-filter/manager for getting valid session object from security context based on the Azure provided (id/access) token after the successful user authentication.
Customizing Spring-Security
The detailed documentation on how to extend auth-filter/manager is available here with © reserved by terasoluna.org
We customized the spring security in such a manner that auth-filter will carry the token_validation against the given token from Azure and authentication manager will extract user details such as roles/privileges w.r.t to the object-id mapped in our DB's user entity.
Once the Spring security customization is done then we can able to integrate the Authorization-server [Azure in our case] and Resource-server [Existing Spring Application] by following the conventional methods.

How do I implement OpenID connect in a Spring Security Authorization Server?

I've got an Authorization Server running using Spring boot security and spring-security-oauth2-autoconfigure shim jar.
I would like to implement the openid scope and provide identity tokens back to my clients.
Is there a way to do this currently using Spring libraries?
thanks

identity provider - Build identity provider manual on local

I'm using spring security saml to implement SSO. For testing, I used ssocircle as idp. But now, I want to control authenticating by myself, that means, can I build idp host on my local by using spring security (user info will be stored in my database).
Note: OpenAM is not my expectation.
It is not advisable to build your own IDP because it is a complicated process, even if you use a library like opensaml, your best option would be to install Shibboleth Idp, there are many tutorials online, some on the shibboleth.net website and some on other websites. These two are very good tutorials:
1- https://books.google.ie/books?id=AeBaAQAAQBAJ&pg=PA3&lpg=PA3&dq=Investigation+and+implementation+of+Shibboleth+SSO+authentication+mechanism&source=bl&ots=g6A_kstwJ2&sig=Nr4AR6WKillYyIl5UQaUszkTDB8&hl=en&sa=X&ved=0ahUKEwibtvL51tvJAhUI_A4KHb18DUYQ6AEIKTAB#v=onepage&q&f=true
2- https://tuakiri.ac.nz/confluence/display/Tuakiri/Installing+a+Shibboleth+3.x+IdP

Spring security: External Authorization

I successfully completed login module of my application using spring security's inbuilt authentication & authorization mechanism.But later i was told to check if i can integrate WSO2 (SOA solution as external Authorization mechanism) with Spring security so that i can use Spring security's authentication mechanism alone and WSO2 for authorization instead of using Spring security provided Authorization.
I did search & read the documentation and i could get details about using External authentication with Spring security & nothing about External authorization.I would like to know if i can do the same and also how i can do it.Any pointers will be really helpful for me.

Spring Security with OpenAM

Currently we have web app which uses spring Security for role based Authentication and Authorization.
Since we want to use SSO I see this example to integrate Spring with Openam https://wikis.forgerock.org/confluence/display/openam/OpenSSO+Spring+Security+%28Acegi%29+Integration
so it's like
My Web app (using spring to talk to openam) <===> IDP Proxy <====> IDP
But when I use the SAML tracer (The plugin for Firefox to track SAML requests/Responses) I don't see any SAML payloads between My web app and IDP proxy.
Is it that Spring is using SOAP request to talk to IDP proxy by picking urls from AMConfig.properties ?
I thought of using Fedlet but reading the saml response from Fedlet and integrating that with Spring Security is not feasible.
If Spring security3 doesn't use SAML2 is it a good idea to use spring framework to talk to openam ?
Any inputs ?
Thanks in advance
Ram
Ok folks we got our JSF2 web app working by integrating with Spring SAML extension and Spring Security along with open am.
Spring SAML extension is here - (https://github.com/SpringSource/spring-security-saml)
So now we are pulling all user roles from LDAP using Openam as IDP and the saml request and response is processed by spring saml extension. The role based access within application is controlled by Spring Security.
I would like to thank
Vladimir Schaefer - Author of Spring Saml ,
Stefan - from opensaml team,
Peter Major- from Openam # forge rock.
Wanted to add this note to let others know that the integration can be done to JSF app or any other web app and it uses Spring security SAML extension (which uses SAML 2.0 end to end) .
We finally have single sign on working finally.
I will put up an article on this shortly and will update this post.
I was able to add some more notes please see my articles on
generic info related to Openam concepts
http://reddymails.blogspot.com/2013/03/sso-for-java-or-net-web-based.html
Steps to integrate JSF 2 web application with Openam using Spring SAML extension and Spring Security.
http://reddymails.blogspot.com/2013/06/integrating-jsf-web-applicataion-with.html
Thanks
Ram
I don't see any SAML payloads between My web app and IDP proxy
According to the page, the integration is very similar to a normal agent approach. This probably means that you app talks to OpenAM using SOAP and OpenAM talks to the IDP using SAML.
But when I use the SAML tracer (The plugin for Firefox to track SAML
requests/Responses) I don't see any SAML payloads between My web app
and IDP proxy. Is it that Spring is using SOAP request to talk to IDP
proxy by picking urls from AMConfig.properties ?
If things are working correctly you should see a SAML authentication request when you are forwarded to the IDP.
What you should do is probably start plowing through the OpenAM debug logs.
Especially the Federation log.
I thought of using Fedlet but reading the saml response from Fedlet
and integrating that with Spring Security is not feasible. If Spring
security3 doesn't use SAML2 is it a good idea to use spring framework
to talk to openam ? Any inputs ?
There is an spring extension that allows you to use SAML directly.
http://static.springsource.org/spring-security/site/extensions/saml/index.html
You could have a look at that.

Resources