-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Sandeep,
On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote: > We are trying to implement SAML SSO configuration on Tomact 8.5.X > servers . As we came to know that there is no direct > implementation of this authentication process through some of the > blogs and need to depend on third party tools to make it possible . > As we are seeing so many tools while searching for this but not > getting exact information to use which tool . Do we have any apache > recommended tools for this ?. I don't have a particular recommendation for you, but if you find something that works well, would you mind sharing your experience with the community? I have implemented SAML SSO myself, but we don't use Tomcat's built-in authentication and authorization framework, so it wouldn't be applicable . You will almost certainly have to implement a Valve (which is a Tomcat-specific component) to accomplish this. You might want to look at the org.apache.catalina.authenticator.FormAuthenticator source code to see how it's done. Much of the heavy-lifting is done by the AuthenticatorBase class, but the doAuthenticate(Request,HttpServletResponse) method is where the "real work" gets done to handle the incoming data, etc. I suspect if you began with that code and started chopping-out pieces and replacing them with parsing of the SAML response, validating and verifying its authenticity, and then obtaining the user's identity through the various SAML attributes sent by the identity provider, you could get quite far on your own. If you want to use an outside authentication system, it wouldn't surprise me to discover that Spring Security already had a plug-in for this kind of thing. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsa3d0ACgkQHPApP6U8 pFgk1A//dRubWfOSrqniOQcUz0kFPtgyCYVOKBus6HLoo2+nWR6yXarLvbA8WG0+ rOcpmrSI4k2hcsjtDCG1GgtzdKVKdQhWJk5ZZOAomEl5Bwyj97geUxtrsnOwgXBY BxY+p1m0IJuTSG5qF8i+zkvdfSRESghPx+wAUwxhf8g/XGucGA+S39HyEUrEGx6y hkgdWvZdj13MIBADidY54yyq7mCqccAz+Qn7D87E5i65D4aM4mBjqUM33U+55t/C 6FQjRSDJVO0ShRrQg4gPLk7r9f1BNibr0gdiy5oCg4P/zbDLEvVNVnViGQV4gjmx P3scgYGhamHLdTyGtmN1Bz19Ls1GFLia9JdA/2AtD41V6wpTIoWoN8wdHDOWTuO6 JTRDzTmLimjI38ca5ze26JJITueKK4MTpSL7eAcRopXfW4qoNi6Rc87hUUA/btT7 UhZGqeDVlyXTGQi5/KdL6BaFan+s6ILG/Ntuy9jCyohx/Jwrwx0XoksbjgTxYhhd zYRlHG8XSEcGt9epHLm5G2Rnk8GfeuzuBtj512+QxsX6VrI2q3sHuIPIgA7Egsa4 LMNntcn156spvvrF2AbsGevCqKp+fka6JL6FT7cT7EHJ60spi93kLpKx+oN1j4wI YInTT9ClPaEvj85EO5eKJdTAMPReB0Hj3ZvUeoj4Kvx1enenTG4= =1Fc/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
