Enabling SAML2 Federation For Existing Java Web Application

How to enable SAML2 federation on an existing Java web application?

There are many scenarios where in-house applications are developed with their own authentication mechanism. To enable Single Sign-On using SAML2 federation for this kind of application, additional code and configuration are needed. This can be achieved in several ways by writing Java code; two of them are listed below.

1. Servlet filter
2. New authentication endpoint implemented as a REST endpoint or a servlet

Servlet filter Approach:

Create a servlet filter and map it to all requests with a wildcard pattern in web.xml. The filter has to check whether the session is authenticated; if the session is unauthenticated, it redirects to the IDP with a SAML2 request. When the IDP sends the SAML response, the filter intercepts that request and performs the SAML2 validation. On successful validation of the SAML2 assertion, it parses the assertion, reads the name identifier or SAML2 attributes, creates an authenticated session in the web application and redirects to the original target.

Servlet Approach:

Create a servlet and deploy it to the web application, with a servlet mapping to a suitable endpoint. When an unauthenticated session is identified, redirect to this servlet and complete the federation in the same way as in the servlet filter approach explained above.
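The servlet filter flow described above (and the same validation steps the servlet approach reuses), as an added example that is not part of the original page or the SDK sample: a filter built on the coveo saml-client library, mapped to /* in web.xml. It assumes the Servlet 4.0 API (default init/destroy methods), that IDP_metadata.xml is on the classpath, and that the SamlClient methods fromMetadata, redirectToIdentityProvider and processPostFromIdentityProvider have the signatures used here; check them against the library version in the project. The SP host name is a placeholder.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.servlet.*;
import javax.servlet.http.*;
import com.coveo.saml.*;

public class Saml2AuthFilter implements Filter {
    static final String SP_ENTITY_ID = "SAML2_SP_SDK";   // entity ID from the page
    static final String ACS_PATH = "/saml2/sp";         // page's ACS is <host>/saml2sp/saml2/sp
    static final String PRINCIPAL = "saml.principal";
    private SamlClient samlClient;

    public void init(FilterConfig cfg) throws ServletException {
        try (Reader md = new InputStreamReader(          // IDP_metadata.xml from the resource folder
                getClass().getResourceAsStream("/IDP_metadata.xml"), StandardCharsets.UTF_8)) {
            samlClient = SamlClient.fromMetadata(SP_ENTITY_ID,
                    "https://SP-HOST-PLACEHOLDER/saml2sp" + ACS_PATH, md);   // host is a placeholder
        } catch (IOException | SamlException e) {
            throw new ServletException("cannot load IdP metadata", e);
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        // 1. Assertion consumer endpoint: validate the response before trusting anything in it.
        if ("POST".equals(req.getMethod()) && req.getRequestURI().equals(req.getContextPath() + ACS_PATH)) {
            try {
                SamlResponse saml = samlClient.processPostFromIdentityProvider(req); // library checks signature and assertion conditions
                if (session != null) session.invalidate();   // fresh session id after login (no session fixation)
                req.getSession(true).setAttribute(PRINCIPAL, saml.getNameID());
                resp.sendRedirect(safeRelayState(req.getParameter("RelayState"), req.getContextPath()));
            } catch (SamlException e) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SAML response rejected");
            }
            return;
        }
        // 2. Authenticated session: pass the request on to the application.
        if (session != null && session.getAttribute(PRINCIPAL) != null) { chain.doFilter(req, resp); return; }
        // 3. Unauthenticated: send an AuthnRequest to the IdP; RelayState remembers the original target.
        try { samlClient.redirectToIdentityProvider(resp, req.getRequestURI()); }
        catch (SamlException e) { throw new ServletException(e); }
    }

    // Only in-app relative targets are honoured as RelayState; anything else lands on the context root.
    static String safeRelayState(String relay, String ctx) {
        String home = ctx.isEmpty() ? "/" : ctx;
        return (relay == null || !relay.startsWith("/") || relay.startsWith("//")) ? home : relay;
    }
}
```

Register the filter in web.xml with a url-pattern of /* so that both the ACS POST and every application request pass through it; the NameID stored in the session is what the application uses as the authenticated principal.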

Code Sample:

Download the SAML service provider SDK sample Eclipse Java project, which uses the coveo saml2-client project. Explore SAMLSP.java for more information.

Copy the IDP metadata to the resource directory, or edit IDP_metadata.xml in the resource folder with your IDP information.

In this example servlet, the Service Provider assertion consumer endpoint is http(s)://<>/saml2sp/saml2/sp

Service provider entity ID: SAML2_SP_SDK

Finish the Service Provider configuration in NetIQ Access Manager with manual entries for the SP metadata as shown below:

Last update: 2020-01-31 11:56