SAML SSO client, Test simulator SAML Provider/Server
SAML, SSO is a new learning in my project. I don't have enough time to experiment to find the correct tools/APIs. Requesting you to help.
I need to implement SAML Client (on Java) which must be able to send SAML assertions and receive SAML response from SAML provider/server. Which Java API should I use to write SAML client in Java?
And our customer already has SAML responder/server which receives the SAML request and sends the SAML response with t开发者_如何学Che user profiles and other information. But we need to write test simulator SAML responder/server. I have used Apache & Tomcat servers. Which server/APIs should I use to implement this test simulator SAML responder/server?
We use OpenSAML, which is quite flexible and not that hard to learn/use. I've used it to write service providers (including some client-customized versions), handle both solicited and unsolicited SAMLResponse XML, send AuthnRequests to an identity provider, call an IdP AttributeQuery service, and simulate identity provider SAMLResponse XML (for testing).
I think from your description that you'll be writing the identity provider part? If you're just doing simple unsolicited SAMLResponse XML, OpenSAML is probably overkill for you. If your XML messages are mostly the same, with just a few content elements changing from request to request, then you can just use a simple string template and fill in the few changing elements, no special SAML libraries necessary.
One thing you say does confuse me:
our customer already has SAML responder/Server which receives the SAML request and sends the SAML response with the user profiles
If they are the service provider and this is SAML SSO, then they receive SAMLResponse XML through a browser request, and respond by displaying content in the user's browser. They do not send you a response with user profiles. You may not have time to experiment, but I would encourage you to spend a little time reading the SAML documents - even just reading SAMLOverview should give you a little more grounding.
I am using Open SAML on client side and simple HTTP request/response on the server side because i dont have so many SAML request types. So better not to use such complex web service and SAML APIs on server side.
OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). See openSAML API
精彩评论