Versions Compared

Comment: file names -> filenames

...

Listing 1. An overview of the SAML SP files after the integration
<webapp_directory>\WEB-INF\web.xml                          [servlet and filter configuration] 
<webapp_directory>\WEB-INF\lib\*.jar                        [SAML SP binary libraries]
<webapp_directory>\WEB-INF\classes\logback.xml              [SAML SP logger configuration for Logback]
<webapp_directory>\WEB-INF\saml2\sp\identity.properties     [SAML SP identity]
<webapp_directory>\WEB-INF\saml2\sp\metadata\metadata.xml   [IDP metadata]

...

Listing 2. Copying the binary libraries
cd ubispservlet\webapp\WEB-INF
copy lib\*.jar <webapp_directory>\WEB-INF\lib\.

SAML SP application logging

The SAML SP package uses the SLF4J API and is distributed with the Logback logger implementation and a configuration file for it.

If the web application uses a different logger implementation than Logback, do not copy the logback*.jar files to <webapp_directory>\WEB-INF\lib, or remove them from there if they were already copied. In this case, enabling SAML SP logging may require adding additional SLF4J dependencies, depending on the logger implementation.

If the web application also uses Logback, consider copying the provided configuration as well:

Listing 2. Copying the binary libraries
cd ubispservlet\webapp\WEB-INF
copy classes\logback.xml <webapp_directory>\WEB-INF\classes\

...

The HTTP endpoint is the fully qualified URL address where ServiceProviderServlet is bound. The path of ServiceProviderServlet is /spsso.
The identity is generated into a file named identity.properties. This file is located in the /WEB-INF/saml2/sp/identity.properties path of the web application.

<path_to_ubispservlet> is the path where the SAML SP servlet package was extracted.

Listing 3. Creating the Service Provider identity
cd <webapp_directory>\WEB-INF
mkdir saml2\sp
java -jar <path_to_ubispservlet>\tools\metadata-generator.jar Generate https://sp.example.com/webapp/spsso -o saml2\sp

...

Listing 4. Write the SAML metadata of the Service Provider to the c:\temp\sp.xml file
cd <webapp_directory>\WEB-INF
java -jar <path_to_ubispservlet>\tools\metadata-generator.jar Metadata saml2\sp -f c:\temp\sp.xml

...

If your application uses an attribute authority (AA) for attribute queries, you should copy the AA metadata to the /WEB-INF/saml2/sp/metadata folder together with the IDP metadata file. The name of each file is insignificant, but it should have the suffix .xml. Filenames must match, for example metadata.xml and metadata.href.

Key rotation

To use the Key Rotation feature and update IDP/AA metadata automatically, a ".href" file must exist. Don't be confused by the file extension: it is just a normal properties file in "key=value" format.

...

The example:

uasmetadata.href
entityId=https://localhost:8443/uas
type=AAIDP
url=https://localhost:8443/uas/saml2/metadata.xml
refreshInterval=20
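
A pre-deployment check for the metadata folder, written for this page as an added example (it is not part of the SAML SP package). It parses each ".href" file as key=value pairs, requires an HTTPS refresh URL, and checks for the matching ".xml" file. The function names, the aa.example.com sample and the rule that all four keys are mandatory are assumptions.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Keys from the page's uasmetadata.href; requiring all four is an assumption.
EXPECTED_KEYS = ("entityId", "type", "url", "refreshInterval")

def parse_href(text):
    """Parse 'key=value' lines, skipping blanks and #/! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_metadata_dir(metadata_dir):
    """Return findings for every .href file in the metadata folder."""
    findings = []
    for href in sorted(Path(metadata_dir).glob("*.href")):
        props = parse_href(href.read_text(encoding="utf-8"))
        findings += [f"{href.name}: missing {k}" for k in EXPECTED_KEYS if not props.get(k)]
        # Refreshed metadata replaces the trusted IDP/AA keys, so require HTTPS.
        url = props.get("url", "")
        if url and urlparse(url).scheme.lower() != "https":
            findings.append(f"{href.name}: url is not https")
        # Assumption: refreshInterval is a positive whole number, as in the example.
        interval = props.get("refreshInterval", "")
        if interval and not (interval.isdecimal() and int(interval) > 0):
            findings.append(f"{href.name}: refreshInterval is not a positive integer")
        # The page requires matching names, e.g. metadata.xml and metadata.href.
        if not href.with_suffix(".xml").exists():
            findings.append(f"{href.name}: no matching {href.stem}.xml")
    return findings

def demo():
    """Run the check over a constructed metadata folder (sample data)."""
    files = {
        "uasmetadata.xml": "<EntityDescriptor/>",
        "uasmetadata.href": "entityId=https://localhost:8443/uas\ntype=AAIDP\n"
        "url=https://localhost:8443/uas/saml2/metadata.xml\nrefreshInterval=20\n",
        "aa.href": "entityId=https://aa.example.com/aa\n"
        "url=http://aa.example.com/metadata.xml\nrefreshInterval=0\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in files.items():
            (Path(tmp) / name).write_text(text, encoding="utf-8")
        return check_metadata_dir(tmp)
```

Point check_metadata_dir at the deployed WEB-INF/saml2/sp/metadata folder; an empty list means every ".href" file passed.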

...