Currently we have a web app which uses Spring Security for role-based authentication and authorization. Since we want to use SSO, I see this example to integrate Spring with OpenAM: https://wikis.forgerock.org/confluence/display/openam/OpenSSO+Spring+Security+%28Acegi%29+Integration so it's like
My Web app (using spring to talk to openam) <===> IDP Proxy <====> IDP
But when I use the SAML tracer (the plugin for Firefox to track SAML requests/responses) I don't see any SAML payloads between my web app and the IDP proxy. Is it that Spring is using SOAP requests to talk to the IDP proxy by picking URLs from AMConfig.properties?
I thought of using Fedlet, but reading the SAML response from Fedlet and integrating that with Spring Security is not feasible. If Spring Security 3 doesn't use SAML2, is it a good idea to use the Spring framework to talk to OpenAM? Any inputs?
Thanks in advance, Ram
OK folks, we got our JSF2 web app working by integrating with the Spring SAML extension and Spring Security along with OpenAM. The Spring SAML extension is here: https://github.com/SpringSource/spring-security-saml
So now we are pulling all user roles from LDAP using OpenAM as IDP, and the SAML request and response are processed by the Spring SAML extension. The role-based access within the application is controlled by Spring Security.
I would like to thank Vladimir Schaefer (author of Spring SAML), Stefan (from the OpenSAML team), and Peter Major (from OpenAM @ ForgeRock).
Wanted to add this note to let others know that the integration can be done for a JSF app or any other web app, and it uses the Spring Security SAML extension (which uses SAML 2.0 end to end). We finally have single sign-on working. I will put up an article on this shortly and will update this post.
I was able to add some more notes; please see my article on generic info related to OpenAM concepts: http://reddymails.blogspot.com/2013/03/sso-for-java-or-net-web-based.html
Steps to integrate a JSF 2 web application with OpenAM using the Spring SAML extension and Spring Security: http://reddymails.blogspot.com/2013/06/integrating-jsf-web-applicataion-with.html
Thanks, Ram
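The role hand-off described in the answer above (roles released by the IdP in the SAML assertion, access decisions made by Spring Security) can be sketched as follows. This is an added example, not code from the original post or from the Spring SAML project. The class name, the attribute name `memberOf`, and the group-to-role mapping are assumptions; only groups on the allow-list become authorities, and a user with none is rejected.

```java
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

// Hypothetical class: maps IdP-released group values to Spring Security roles.
public class RoleMappingSamlUserDetailsService implements SAMLUserDetailsService {

    // Assumption: the IdP releases group membership under this attribute name.
    private static final String ROLE_ATTRIBUTE = "memberOf";

    // Constructed allow-list: IdP group value -> application role.
    // Values not listed here are ignored, never turned into authorities.
    private static final Map<String, String> ALLOWED = new HashMap<String, String>();
    static {
        ALLOWED.put("app-admins", "ROLE_ADMIN");
        ALLOWED.put("app-users", "ROLE_USER");
    }

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        String username = credential.getNameID().getValue();

        // Returns null when the assertion carries no such attribute.
        String[] values = credential.getAttributeAsStringArray(ROLE_ATTRIBUTE);

        Set<GrantedAuthority> authorities = new LinkedHashSet<GrantedAuthority>();
        if (values != null) {
            for (String value : values) {
                String role = (value == null) ? null : ALLOWED.get(value.trim());
                if (role != null) {
                    authorities.add(new SimpleGrantedAuthority(role));
                }
            }
        }

        // Design choice of this example: no recognised role means no login.
        if (authorities.isEmpty()) {
            throw new UsernameNotFoundException("No recognised role in assertion for " + username);
        }
        // Empty password: the credential was verified by the IdP, not locally.
        return new User(username, "", authorities);
    }
}
```

The bean is wired in by setting it as the `userDetails` property of the extension's `SAMLAuthenticationProvider`.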