Comment: logback.xml added; minor format fixes

An Overview of the Configuration Files

This chapter describes the steps required to integrate the SAML SP into a web application. Listing 1 gives an overview of the SAML SP configuration files created or modified during the process. The location of the web application is denoted by <webapp_directory> and should be replaced with the actual directory.

The steps are:

  1. The application’s deployment descriptor web.xml is modified to include the SAML SP servlet and filter configuration.
  2. The provided binary libraries are copied to the WEB-INF\lib directory.
  3. The provided logger configuration logback.xml is copied to the WEB-INF\classes directory.
  4. The SAML SP identity information is created in the WEB-INF\saml2\sp directory and the IDP metadata is copied to the WEB-INF\saml2\sp\metadata directory.
Listing 1. An overview of the SAML SP files after the integration

<webapp_directory>\WEB-INF\web.xml                          [servlet and filter configuration]
<webapp_directory>\WEB-INF\lib\*.jar                        [SAML SP binary libraries]
<webapp_directory>\WEB-INF\classes\logback.xml              [SAML SP logger configuration]
<webapp_directory>\WEB-INF\saml2\sp\identity.properties     [SAML SP identity]
<webapp_directory>\WEB-INF\saml2\sp\metadata\metadata.xml   [IDP metadata]

Copying the Binary Libraries

Copy the binary libraries from ubispservlet/webapp/WEB-INF/lib to the WEB-INF/lib directory of the web application, and the logger configuration logback.xml from ubispservlet/webapp/WEB-INF/classes to the WEB-INF/classes directory of the web application.

Listing 2. Copying the binary libraries and the logger configuration

cd ubispservlet\webapp\WEB-INF
copy lib\*.jar <webapp_directory>\WEB-INF\lib\
copy classes\logback.xml <webapp_directory>\WEB-INF\classes\

Create the SAML Service Provider identity

...

The HTTP endpoint is the fully qualified URL at which ServiceProviderServlet is bound. The path of ServiceProviderServlet is /spsso.
The identity is generated into a file named identity.properties, located at /WEB-INF/saml2/sp/identity.properties in the web application.

Listing 3. Creating the Service Provider identity

cd <webapp_directory>\WEB-INF
mkdir saml2\sp
java -jar lib\sso-ubisaml2.jar Generate https://sp.example.com/webapp/spsso -o saml2\sp

...

SAML metadata is an XML document. It represents the public information about the Service Provider identity.

Listing 4. Write the SAML metadata of the Service Provider to the c:\temp\sp.xml file

cd <webapp_directory>\WEB-INF
java -jar lib\sso-ubisaml2.jar Metadata saml2\sp -f c:\temp\sp.xml

...

The following properties are supported in the ".href" file (property, value type, description):

entityId (string)
    An entity identifier. Should be taken from the IDP/AA metadata:

    <md:EntityDescriptor entityID="https://localhost:8443/uas" ...>

type (IDP or AA)
    An entity type: IDP (Identity Provider) or AA (Attribute Authority).

url (string)
    A URL to fetch the metadata from. This is the same URL from which the SAML 2.0 IDP/AA metadata was fetched initially. See the "Get the Metadata of the Identity Provider" step.

refreshInterval (number)
    An interval in seconds at which the metadata is re-fetched.
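The two passages above, the Service Provider metadata written by Listing 4 and the ".href" properties that point at the IDP/AA metadata, are illustrated by the following added example. It is not part of ubispservlet or of this guide: it parses a SAML 2.0 metadata document, reports the problems a practitioner checks before trusting it (missing entity identifier, expired validUntil, no signing certificate, an endpoint not served over https), verifies that the SP's AssertionConsumerService sits on the /spsso servlet path, and derives the four ".href" properties from IDP metadata. The IDP and SP metadata documents are constructed samples; the metadata URL https://localhost:8443/uas/metadata, the SP entity identifier, the extra "SP" type value (the guide lists only IDP and AA) and the key=value rendering of the ".href" file are assumptions. The XML attribute is spelled entityID, as the SAML 2.0 metadata schema defines it.

```python
# Added example, not part of the ubispservlet distribution or this guide.
# Sample metadata below is constructed; see the lead-in for what is assumed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed IDP metadata; the entityID follows the value quoted for the ".href" entityId.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://localhost:8443/uas" validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:8443/uas/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SP metadata for the endpoint used in Listing 3 (entity identifier assumed).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com/webapp/spsso">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/webapp/spsso" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_entity(xml_text):
    """Parse one md:EntityDescriptor; any other root element is rejected."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"expected md:EntityDescriptor, got {root.tag}")
    return root


def entity_type(root):
    """Map the role descriptor to the ".href" type value (IDP or AA; SP is an addition)."""
    for tag, value in (("IDPSSODescriptor", "IDP"),
                       ("AttributeAuthorityDescriptor", "AA"),
                       ("SPSSODescriptor", "SP")):
        if root.find(f"{{{MD}}}{tag}") is not None:
            return value
    raise ValueError("no supported role descriptor found")


def check_metadata(root, now=None):
    """Return the problems found: missing entityID, expired validUntil,
    no X509 signing certificate, or an endpoint not served over https."""
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID")
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry <= (now or datetime.now(timezone.utc)):
            problems.append("metadata expired")
    cert_path = (f".//{{{MD}}}KeyDescriptor/{{{DS}}}KeyInfo/"
                 f"{{{DS}}}X509Data/{{{DS}}}X509Certificate")
    if not root.findall(cert_path):
        problems.append("no X509Certificate in any KeyDescriptor")
    for element in root.iter():
        location = element.get("Location")
        if location and urlparse(location).scheme != "https":
            problems.append(f"non-https endpoint {location}")
    return problems


def acs_not_on_spsso(root):
    """AssertionConsumerService locations whose path is not the /spsso servlet path."""
    acs = root.findall(f".//{{{MD}}}AssertionConsumerService")
    return [a.get("Location") for a in acs
            if not urlparse(a.get("Location", "")).path.endswith("/spsso")]


def href_properties(root, metadata_url, refresh_interval=3600):
    """The four ".href" properties, taken from the parsed IDP/AA metadata."""
    return {"entityId": root.get("entityID"), "type": entity_type(root),
            "url": metadata_url, "refreshInterval": refresh_interval}


def render_href(props):
    """Render the properties as key=value lines (file format assumed)."""
    return "".join(f"{key}={value}\n" for key, value in props.items())


if __name__ == "__main__":
    idp = parse_entity(IDP_METADATA)
    print("IDP problems:", check_metadata(idp) or "none")
    print(render_href(href_properties(idp, "https://localhost:8443/uas/metadata")))
    sp = parse_entity(SP_METADATA)
    print("SP problems:", check_metadata(sp) or "none")
    print("ACS not on /spsso:", acs_not_on_spsso(sp) or "none")
```

Run it against the real files by replacing the constructed strings with the contents of c:\temp\sp.xml and of the IDP metadata downloaded from the url property; the same checks apply to the copy placed in WEB-INF\saml2\sp\metadata\metadata.xml. An expired validUntil or a missing signing certificate in the IDP metadata means the SP cannot validate assertions, and a non-https endpoint exposes the SAML exchange in transit, so both are worth catching before the refreshInterval-driven fetch silently accepts them.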

...