The purpose of this module is to understand how to integrate a web application as a SAML 2.0 Service Provider.
In a real case, your customers will have to connect one or more external services such as a CMS, an ordering portal, support tools, etc., which are called Service Providers (SPs) in SAML terminology.
In this lab, we will do two types of web application integration:
As you see in the diagram:
IDP: Identity Provider
SP: Service Provider
SAML Metadata is an XML file describing how to communicate with a SAML SP or IDP: its entity ID, its endpoints and bindings, and the certificates used for signing and encryption.
Ubisecure products build the metadata automatically.
Example SSO Endpoint definition:
In summary, the main phases of integrating a SAML SP application for Java with Ubisecure SSO are:
At the end of this lab, you will have successfully logged in to the web application SmartPlan Application by using password authentication. You will use this application later in Lab 2.5: Authorisation Policy and Lab 3.1: Federation Configuration.
The instructions are in the following section.
During the installation, select port 8090 (or another port that is not in use) for the HTTP/1.1 Connector Port.
The path to install Java is: C:\Program Files\AdoptOpenJDK\jdk-8.0.275.1-hotspot\jre
The system is running when the address http://localhost:8090/ answers as follows:
You can also modify the port number after installation. To do so, edit the port attribute of the HTTP/1.1 Connector in the file C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\server.xml and restart Tomcat.
Install SmartPlan Application
The package is available at \\ubidemo.com\Ubidemo\Software\IAM Academy\ubisp-sample-2.7-smartplan.zip.
Unzip the package and extract all files into directory C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps:
Create private and public keys:
cd /d "C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\smartplanapplication\WEB-INF"
"C:\Program Files\AdoptOpenJDK\jdk-8.0.275.1-hotspot\jre\bin\java.exe" -jar lib/ubisaml2.jar Generate http://localhost:8090/smartplanapplication/spsso -o saml2/sp -y
Create service provider metadata:
cd /d "C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\smartplanapplication\WEB-INF"
"C:\Program Files\AdoptOpenJDK\jdk-8.0.275.1-hotspot\jre\bin\java.exe" -jar lib/ubisaml2.jar Metadata saml2/sp -f sp-metadata.xml -y
Open the Ubisecure SSO management console at https://login.smartplan.com:8443/ubilogin. Right-click [SAML 2.0] to save the identity provider's SAML 2.0 metadata file (metadata.xml) to the directory C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\smartplanapplication\WEB-INF\saml2\sp\metadata\
At "ID and Activation" press "Activate" and select the SP metadata file C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\smartplanapplication\WEB-INF\sp-metadata.xml
Press the "Update" button.
Then go to "Allowed Methods", add "CustomerID Password", and click "Update".
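Before uploading sp-metadata.xml at "ID and Activation", it is worth checking what the file actually advertises: the entityID, the AssertionConsumerService endpoint and binding, whether the SP asks for signed assertions, and the signing certificate the IdP will use to verify its requests. The script below is an added example, not part of the lab or of ubisaml2.jar. The metadata it parses is constructed inside the script (the entityID and endpoint are the lab's, the certificate bytes are a placeholder rather than a real X.509 certificate), and it uses only the Python standard library.

```python
"""Added example: sanity-check SAML 2.0 SP metadata before activating it at the IdP.
Not part of the lab or of ubisaml2.jar; standard library only."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder for the DER certificate bytes; a real file carries an
# actual X.509 certificate here, this one only needs to round-trip through base64.
CONSTRUCTED_DER = b"constructed placeholder, not a real certificate"

# Constructed sample following the SP metadata structure; the entityID and the
# endpoint are the lab's, everything else is assumed for illustration.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://localhost:8090/smartplanapplication/spsso">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(CONSTRUCTED_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="{POST_BINDING}"
        Location="http://localhost:8090/smartplanapplication/spsso" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the DER bytes, the value to compare with the IdP side."""
    return hashlib.sha256(data).hexdigest()


def parse_sp_metadata(xml_text: str) -> dict:
    """Extract the security-relevant parts of an SP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "signing encryption")  # no 'use' attribute means both
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
        der = base64.b64decode("".join(b64.split()))
        certs.append({"use": use, "sha256": sha256_hex(der)})
    acs = [
        {"binding": e.get("Binding"), "location": e.get("Location"),
         "default": e.get("isDefault") == "true"}
        for e in sp.findall("md:AssertionConsumerService", NS)
    ]
    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "certs": certs,
        "acs": acs,
    }


def check_sp_metadata(info: dict, expected_entity_id: str) -> list:
    """Findings a reviewer would raise before activating the SP; empty list means OK."""
    findings = []
    if info["entity_id"] != expected_entity_id:
        findings.append(f"entityID {info['entity_id']!r} != expected {expected_entity_id!r}")
    if not info["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is not true: unsigned assertions would be accepted")
    if not any("signing" in c["use"] for c in info["certs"]):
        findings.append("no signing certificate: the IdP cannot verify signed AuthnRequests")
    if not info["acs"]:
        findings.append("no AssertionConsumerService endpoint")
    for ep in info["acs"]:
        # Plain HTTP is acceptable for this localhost lab only; anywhere else it
        # exposes the SAML response (and the session it creates) on the wire.
        if ep["location"].startswith("http://") and "localhost" not in ep["location"]:
            findings.append(f"AssertionConsumerService over plain HTTP: {ep['location']}")
    return findings


if __name__ == "__main__":
    parsed = parse_sp_metadata(SAMPLE_SP_METADATA)
    print(parsed["entity_id"], parsed["certs"][0]["sha256"])
    print(check_sp_metadata(parsed, "http://localhost:8090/smartplanapplication/spsso"))
```

Run the same two functions over the real sp-metadata.xml produced by the Metadata command, and compare the printed certificate fingerprint with the one shown for the application in the management console after activation; a mismatch means the IdP is trusting a different key than the one in saml2/sp.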
In this lab we used SAML for the integration. Ubisecure SSO offers many compatibility flags for integrating diverse SAML applications.
Other integration methods can be found under the link below.
One of the main goals of installing the SmartPlan application is to use it for testing any future configurations you make in the CIAM system.
As an alternative to the SmartPlan application, you can use a utility called OpenID Connect Tester.
The main differences are:
In this exercise, after you configure OpenID Connect Tester you will be able to analyze all the steps of an Authorization Code Flow.
For more information about this utility, visit OpenID Connect Tester GitHub page.
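To make concrete what "all the steps" of an Authorization Code Flow are, the following simulates the flow end to end in one process: the client builds the authorization request, the authorization server redirects back with a one-time code bound to state, and the client exchanges the code on the back channel and checks the resulting ID token claims. This is an added example, not code from OpenID Connect Tester or Ubisecure SSO; the endpoint URLs, the client name, secret and redirect URI are assumed placeholders, the in-memory AuthorizationServer stands in for the IdP, and the ID token is returned as plain claims rather than a signed JWT.

```python
"""Added example: OpenID Connect Authorization Code Flow, simulated offline.
Not part of OpenID Connect Tester or Ubisecure SSO; all URLs and names are assumed."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHZ_ENDPOINT = "https://idp.example/oauth2/authorize"  # assumed placeholder
ISSUER = "https://idp.example"                            # assumed placeholder


def _s256(verifier: str) -> str:
    """PKCE code_challenge = base64url(SHA-256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(client_id: str, redirect_uri: str):
    """Step 1 (client): the front-channel redirect. state binds the callback to
    this browser session, nonce binds the ID token, PKCE binds the token request."""
    session = {"state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16),
               "code_verifier": secrets.token_urlsafe(32), "redirect_uri": redirect_uri}
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid", "state": session["state"], "nonce": session["nonce"],
              "code_challenge": _s256(session["code_verifier"]), "code_challenge_method": "S256"}
    return AUTHZ_ENDPOINT + "?" + urlencode(params), session


class AuthorizationServer:
    """Steps 2 and 4 (IdP side), kept in memory so the exchange runs offline."""

    def __init__(self, clients: dict):
        self.clients = clients  # client_id -> {"secret": ..., "redirect_uris": [...]}
        self.codes = {}         # issued, not yet redeemed authorization codes

    def authorize(self, request_url: str, authenticated_user: str) -> str:
        """Step 2: after login, redirect back with a one-time code and the state."""
        q = {k: v[0] for k, v in parse_qs(urlparse(request_url).query).items()}
        client = self.clients[q["client_id"]]
        if q["redirect_uri"] not in client["redirect_uris"]:
            raise ValueError("redirect_uri not registered for this client")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {**q, "sub": authenticated_user}
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, form: dict) -> dict:
        """Step 4: back-channel code exchange; every binding is re-checked here."""
        grant = self.codes.pop(form["code"], None)  # codes are single use
        client = self.clients.get(form["client_id"])
        if grant is None or client is None:
            raise PermissionError("invalid_grant")
        if form.get("client_secret") != client["secret"]:
            raise PermissionError("invalid_client")
        if form["redirect_uri"] != grant["redirect_uri"]:
            raise PermissionError("invalid_grant: redirect_uri mismatch")
        if _s256(form["code_verifier"]) != grant["code_challenge"]:
            raise PermissionError("invalid_grant: PKCE verifier mismatch")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                # Plain claims for illustration; a real server returns a signed JWT.
                "id_token_claims": {"iss": ISSUER, "sub": grant["sub"],
                                    "aud": form["client_id"], "nonce": grant["nonce"]}}


def handle_callback(redirect_url: str, session: dict) -> str:
    """Step 3 (client): accept the code only if state matches this session."""
    q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
    if not secrets.compare_digest(q.get("state", ""), session["state"]):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return q["code"]


def exchange_code(server, code, client_id, client_secret, session) -> dict:
    """Step 4 (client): token request, then iss/aud/nonce checks on the ID token."""
    tokens = server.token({"grant_type": "authorization_code", "code": code,
                           "client_id": client_id, "client_secret": client_secret,
                           "redirect_uri": session["redirect_uri"],
                           "code_verifier": session["code_verifier"]})
    c = tokens["id_token_claims"]
    if c["iss"] != ISSUER or c["aud"] != client_id or c["nonce"] != session["nonce"]:
        raise ValueError("ID token claims do not match this session")
    return tokens


def run_flow(client_id="OpenID Connect Tester", client_secret="constructed-secret",
             redirect_uri="http://localhost:3000/callback", user="alice"):
    """The complete happy path; returns the token response."""
    server = AuthorizationServer({client_id: {"secret": client_secret,
                                              "redirect_uris": [redirect_uri]}})
    url, session = build_authorization_request(client_id, redirect_uri)
    code = handle_callback(server.authorize(url, user), session)
    return exchange_code(server, code, client_id, client_secret, session)


if __name__ == "__main__":
    print(run_flow())
```

Each function corresponds to one message you will see in OpenID Connect Tester: the authorization request URL, the redirect carrying code and state, and the token request and response. The checks that matter on each side are the ones that fail when a step is replayed or altered: a reused code, a callback with the wrong state, or a token request from a client that does not hold the PKCE verifier.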
On the pop-up window, fill in the fields as seen below.
Technical Name: OpenID Connect Tester
Application Type: OAuth 2.0