I would like to use annotation-based configuration for my Spring-based application. SAML 2.0 digestion and generation is also required for SSO purposes.
Annotation configuration is only supported by Spring 4.0 and Spring Security 3.2.4.
Is the integration of Spring Security SAML 1.0 possible?
Update: The sample project provided by Vladimír Schäfer really helps.
But after the SSO login, the page was redirected to the authentication failure URL on the service provider app.
The SAML response is as below:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                Destination="http://myIP:8080/websso/saml/SSO"
                ID="s237fe42260c297d9dfd7845b3691ef76e0bc27c76"
                InResponseTo="a14hc23eda9j396g2h5aff4076216g5"
                IssueInstant="2014-08-28T07:36:07Z"
                Version="2.0"
                >
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://idp.ssocircle.com</saml:Issuer>
    <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"
                          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                          />
    </samlp:Status>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="s2e84d407027285a27d32a70c93ebdc70298956c8d"
                    IssueInstant="2014-08-28T07:36:07Z"
                    Version="2.0"
                    >
        <saml:Issuer>http://idp.ssocircle.com</saml:Issuer>
        <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                         NameQualifier="http://idp.ssocircle.com"
                         >nameID</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData InResponseTo="a14hc23eda9j396g2h5aff4076216g5"
                                              NotOnOrAfter="2014-08-28T07:46:07Z"
                                              Recipient="http://myIP:8080/websso/saml/SSO"
                                              />
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions NotBefore="2014-08-28T07:26:07Z"
                         NotOnOrAfter="2014-08-28T07:46:07Z"
                         >
            <saml:AudienceRestriction>
                <saml:Audience>entityID</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-08-28T07:35:44Z"
                             SessionIndex="s274ab5c8a81ed49654745a6583214314f65138201"
                             >
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>
I suspect this is because the time zone of the SP differs from that of the IdP; how do I skip this?
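As an added illustration (not code from the question, the answer, or Spring SAML), the check below validates the assertion's time conditions the way an SP does: the SAML instants end in `Z` and are UTC, so a time-zone difference cannot by itself cause a failure, but a skewed host clock or a naive local "now" compared against UTC can. The response fragment is a constructed excerpt of the one quoted above, and the 60-second skew tolerance is an assumed value.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the time-bearing elements of the response quoted in the question.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="r1" Version="2.0"
  IssueInstant="2014-08-28T07:36:07Z">
  <saml:Assertion ID="a1" Version="2.0" IssueInstant="2014-08-28T07:36:07Z">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2014-08-28T07:46:07Z"
          Recipient="http://myIP:8080/websso/saml/SSO"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2014-08-28T07:26:07Z" NotOnOrAfter="2014-08-28T07:46:07Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_saml_instant(value):
    """SAML xs:dateTime values carry a trailing 'Z': they are UTC, so the SP's local zone never enters."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_time_conditions(response_xml, now, skew=timedelta(seconds=60)):
    """Return the names of failed time checks; an empty list means the assertion is within its window.
    `now` must be timezone-aware: comparing a naive local time against UTC instants is exactly the
    mistake that makes a valid assertion look expired. `skew` (assumed 60s) widens the window both ways."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware, e.g. datetime.now(timezone.utc)")
    failures = []
    for assertion in ET.fromstring(response_xml).findall("saml:Assertion", NS):
        cond = assertion.find("saml:Conditions", NS)
        if cond is not None:
            nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
            if nb and now + skew < parse_saml_instant(nb):
                failures.append("Conditions/NotBefore")
            if noa and now - skew >= parse_saml_instant(noa):
                failures.append("Conditions/NotOnOrAfter")
        # Bearer confirmations carry their own expiry, checked independently of Conditions.
        for scd in assertion.iter("{%s}SubjectConfirmationData" % NS["saml"]):
            noa = scd.get("NotOnOrAfter")
            if noa and now - skew >= parse_saml_instant(noa):
                failures.append("SubjectConfirmationData/NotOnOrAfter")
    return failures

if __name__ == "__main__":
    # 07:30 UTC lies inside the 07:26:07..07:46:07 window; 08:30 UTC (a host clock an hour
    # fast, or local time mistaken for UTC) fails both expiry checks.
    for t in ("2014-08-28T07:30:00Z", "2014-08-28T08:30:00Z"):
        print(t, check_time_conditions(SAMPLE_RESPONSE, parse_saml_instant(t)))
```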
Spring SAML seems to work well with Spring 4.0 and Spring Security 3.2.4. You can use the spring-boot-security-saml-sample project as a reference.
The next version of Spring SAML will most likely contain additional support for Java configuration, but as the example above shows, it is possible to get everything working with the project as is.