I am adding SSO support to the spring application using the spring-security-saml extension. The idea would be that an IDP can register to use SSO with my application by filling out a form in the user interface, specifying their entityId URL, SSO authentication (for Initialized SP Login) and a public X.509 certificate. This is apparently a common workflow for SaaS applications with SSO support.
I have not yet been able to find a clean way to implement this with the saml spring extension, and I am wondering if there is one. FilesystemMetadataProvider and HTTPMetadataProvider provide support for loading IDP metadata from an XML file or an HTTP GET, respectively, but I need to instead generate IDP metadata from the above attributes that are stored in the database.
My real thinking is to use ResourceBackedMetadataProvider and use an implementation of Resource that retrieves metadata attributes from the database for each registered IDP. It would look like this:
import java.io.InputStream;
import java.util.Collection;
import org.opensaml.util.resource.*;

class DatabaseBackedResource implements Resource {
    MetadataDao metadataDao;
    public String getLocation() { return "database"; } // only used in log messages
    public boolean exists() throws ResourceException { return true; }
    // Returning "now" makes ResourceBackedMetadataProvider re-read the database on every refresh
    public org.joda.time.DateTime getLastModifiedTime() throws ResourceException { return new org.joda.time.DateTime(); }
    public InputStream getInputStream() throws ResourceException {
        Collection<MetadataPojo> idpMetadata = metadataDao.getMetadata();
        return convertMetadataPojosToInputStream(idpMetadata);
    }
    private InputStream convertMetadataPojosToInputStream(Collection<MetadataPojo> metadata) {
        throw new UnsupportedOperationException("TODO: build IDP metadata XML from the stored attributes");
    }
}
MetadataPojo - - 3 , IDP. , Java- IDP, , spring saml. , AbstractMetadataProvider#unmarshallMetadata(InputStream) XMLObject, , MetadataPojo XMLObject.
, saml spring XML- IDP ? , , MetadataProvider, URL-?
Update:
MetadataProvider Resource, . IDP AbstractSAMLObjectBuilder (.. EntityDescriptorBuilder, IDPSSODescriptorBuilder, KeyDescriptorBuilder ..), . , spring SAML IDPMetadataGenerator, MetadataGenerator, SP.
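An added example (not part of the question or of Spring SAML) of the builder approach mentioned in the update: it turns the stored entityId, SSO URL and certificate into an EntitiesDescriptor and serializes it, so it could back the getInputStream() of the Resource above. It assumes MetadataPojo exposes getEntityId(), getSsoUrl() and getCertificatePem(), and that OpenSAML 2 has already been bootstrapped.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.util.*;
import javax.xml.namespace.QName;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.*;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.*;
import org.opensaml.xml.util.XMLHelper;

// Builds an <EntitiesDescriptor> from the stored IDP rows. Assumed: MetadataPojo has getEntityId(),
// getSsoUrl() and getCertificatePem(), and OpenSAML was bootstrapped (Spring SAML's SAMLBootstrap does this).
class IdpMetadataBuilder {
    @SuppressWarnings("unchecked")
    private static <T extends XMLObject> T build(QName name) {
        return (T) Configuration.getBuilderFactory().getBuilder(name).buildObject(name);
    }
    // What DatabaseBackedResource.getInputStream() would hand to ResourceBackedMetadataProvider.
    static InputStream toInputStream(Collection<MetadataPojo> idps) throws Exception {
        EntitiesDescriptor all = build(EntitiesDescriptor.DEFAULT_ELEMENT_NAME);
        for (MetadataPojo idp : idps) all.getEntityDescriptors().add(toEntityDescriptor(idp));
        String xml = XMLHelper.nodeToString(Configuration.getMarshallerFactory().getMarshaller(all).marshall(all));
        return new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
    }
    static EntityDescriptor toEntityDescriptor(MetadataPojo idp) throws Exception {
        // A plain-http SSO endpoint would expose the AuthnRequest exchange to the network, so refuse it.
        if (!idp.getSsoUrl().startsWith("https://")) throw new IllegalArgumentException("SSO URL must be https");
        // Parse the PEM so a non-certificate value is rejected at registration, then re-encode the DER bytes.
        java.security.cert.Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(
                new ByteArrayInputStream(idp.getCertificatePem().getBytes(StandardCharsets.US_ASCII)));
        X509Certificate x509 = build(X509Certificate.DEFAULT_ELEMENT_NAME);
        x509.setValue(Base64.getEncoder().encodeToString(cert.getEncoded()));
        X509Data x509Data = build(X509Data.DEFAULT_ELEMENT_NAME);
        x509Data.getX509Certificates().add(x509);
        KeyInfo keyInfo = build(KeyInfo.DEFAULT_ELEMENT_NAME);
        keyInfo.getX509Datas().add(x509Data);
        KeyDescriptor key = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        key.setUse(UsageType.SIGNING); key.setKeyInfo(keyInfo); // key the SP verifies IDP signatures against
        SingleSignOnService sso = build(SingleSignOnService.DEFAULT_ELEMENT_NAME);
        sso.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); sso.setLocation(idp.getSsoUrl());
        IDPSSODescriptor role = build(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        role.addSupportedProtocol(SAMLConstants.SAML20P_NS);
        role.getKeyDescriptors().add(key); role.getSingleSignOnServices().add(sso);
        EntityDescriptor entity = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entity.setEntityID(idp.getEntityId()); entity.getRoleDescriptors().add(role);
        return entity;
    }
}
```

Because this metadata is generated rather than signed by the IDP, the ExtendedMetadataDelegate wrapping the provider needs setMetadataTrustCheck(false): the trust decision is the one made when the administrator registered the certificate. A newly registered IDP only becomes visible after the provider's next refresh, so keep the provider's maximum refresh delay short or trigger a refresh from the registration form.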