Easiest IDP to provide out-of-box with SAML2 SP
I am migrating a webapp that currently uses spring-security with basic authentication to use SAML2 SSO. By default the project provides the embedded LDAP server provided by...
View ArticleSAMLAuthenticationToken cannot be "authenticated" - why?
something that I probably miss, and maybe someone can spill some light. I saw that the SAMLAuthenticationProvider creates a new authentication token of type ExpiringUsernameAuthenticationToken. In my...
View Article1.0 rc3
Hi Vlad, Are there plans to release RC3 and 1.0 soon? I am curious about the release plans. Thanks, Ian
View ArticleERROR JKSKeyManager:120 - Error initializing key store
After successfully building, deploying and playing with the spring-security-saml2-sample I am trying to replicate it in my webapp. I am using a copy of the same JKS keystore as the one in...
View ArticleUsing spring-ws, WSS, spring-security-saml2-core with SAML token profile
My existing webapp supports a soap-endpoint accessed using spring-ws and secured using spring-security with XwsSecurityInterceptor. Currently it uses basic authentication and an LDAP Identity Provider...
View ArticleIDP initiated SAML sign on with Multi Tenant SP configuration
I have a working setup of an IDP initiated SAML sign on to our single SP. The metadata configuration is as shown: Code: <bean id="metadata"...
View ArticleFree IdP that supports subject role management?
I have had initial success migrating my webapp to support SAML2 using spring-security-saml2-core and ssocircle as IdP. Thanks for a terrific project. I now need to be able to create roles and assign...
View ArticleSAMLMessageStorage implementation for DB?
Hi, in my case, the system contains multiple tomcats, each one of them runs a WAR that contains the sprin-sec-saml. so i'm not sure that the tomcat which sent the saml-request is the one to handle the...
View Articleintegrating spring-oauth and spring-saml: does not redirect back to...
Vladi, I've posted this in the main security forum because I think it is relevant not only for saml ot oAuth, but maybe you will have an idea how to resolve this one... Ohad
View ArticleClik here to view.
A really weird bug.
If user is logged in and he/she is inactive for a more then 1 hour (inactive means - he doesn't use the website, doesn't click on links, etc) and then if he/she try to login again they gets 401...
View ArticleSpring security SAML and SAML attributes
I need to integrate a spring application with an existing SAML IDP requesting some custom SAML attributes to be set in the SAML authentication request. I've tried with the spring security SAML...
View ArticleSAML Authentication integration with CAS
We have a suite of existing web applications(each being a seperate war file) that have SSO enabled amongst themselves through CAS using Spring Security. Now we have a new requirement where in third...
View ArticleSpring SAML Memory consumption
HI, We have a standalone spring saml web application acting as a SAML service provider. Trials runs indicates high Tomcat memory utilisation by the web application. Seeing around ~0.18 MB per user...
View ArticleProxy problem
Hi, I have started to look into the example and try to figure out how the SAML extension works. I have managed to build and deploy the example into WebLogic 12c, but I am not able to figure out how to...
View ArticleFilter security exception
My tomcat server show this error, but I can login and do the SSO. I don't know whether it is a critical error or not? I check my SAML setting and everything is OK. I cannot identify what is the problem...
View ArticleImport public keys
Hi, My web application is integrated with Spring Security - SAML extenstion. The user is authenticated by an IDP, which its public certificate is embedded in its metadata. How can I import the IDP...
View ArticleIDP initiated SSO
Hi, I have started looking into Spring Security SAML extension in order to implement a rather simple (?) business case, but I guess I need some assistance in order to implement it. Our business case is...
View ArticleMultiple IDPs configured in runtime
Hi, I need to support multiple IDPs configured in runtime, metadata XML is saved to DB. IDP should be selected automatically depending on passed HTTP param. So far I I'm considering something like this...
View Articlememory leaks on 1.7 xerces
On tomcat 7 + jdk 1.7 org.apache.xerces.jaxp.datatype.DatatypeFactoryImp l is responsable of blocking the gc of org.apache.catalina.loader.WebappClassLoader. As JDK 7 comes with a JAXB implementation,...
View ArticleError decoding incoming SAML message
Hello, I am trying to implement single sign on across three of my webapps using the spring SAML extension. But I am implementing the sample app given before implementing the SAML extension on my own...
View Article