Hello,

I recently tried (with success) the tomcat Valve from Fediz (Apache CXF)

http://cxf.apache.org/fediz-tomcat.html

Note tha you need to take a recent 1.4.4 snapshot, because 1.4.3 has some bugs preventing it to work with SAML

Hope this help

Arnaud


On 08/06/2018 21:49, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sandeep,

On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote:
We are trying to implement  SAML SSO configuration on Tomact 8.5.X
servers . As we came to know that there is no direct
implementation of this authentication process  through some of the
blogs and need to depend on third party tools to make it possible .
As we are seeing so many tools  while searching for this but  not
getting exact information to use which tool . Do we have any apache
recommended tools for this ?.
I don't have a particular recommendation for you, but if you find
something that works well, would you mind sharing your experience with
the community?

I have implemented SAML SSO myself, but we don't use Tomcat's built-in
authentication and authorization framework, so it wouldn't be applicable
.

You will almost certainly have to implement a Valve (which is a
Tomcat-specific component) to accomplish this. You might want to look
at the org.apache.catalina.authenticator.FormAuthenticator source code
to see how it's done. Much of the heavy-lifting is done by the
AuthenticatorBase class, but the
doAuthenticate(Request,HttpServletResponse) method is where the "real
work" gets done to handle the incoming data, etc.

I suspect if you began with that code and started chopping-out pieces
and replacing them with parsing of the SAML response, validating and
verifying its authenticity, and then obtaining the user's identity
through the various SAML attributes sent by the identity provider, you
could get quite far on your own.

If you want to use an outside authentication system, it wouldn't
surprise me to discover that Spring Security already had a plug-in for
this kind of thing.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsa3d0ACgkQHPApP6U8
pFgk1A//dRubWfOSrqniOQcUz0kFPtgyCYVOKBus6HLoo2+nWR6yXarLvbA8WG0+
rOcpmrSI4k2hcsjtDCG1GgtzdKVKdQhWJk5ZZOAomEl5Bwyj97geUxtrsnOwgXBY
BxY+p1m0IJuTSG5qF8i+zkvdfSRESghPx+wAUwxhf8g/XGucGA+S39HyEUrEGx6y
hkgdWvZdj13MIBADidY54yyq7mCqccAz+Qn7D87E5i65D4aM4mBjqUM33U+55t/C
6FQjRSDJVO0ShRrQg4gPLk7r9f1BNibr0gdiy5oCg4P/zbDLEvVNVnViGQV4gjmx
P3scgYGhamHLdTyGtmN1Bz19Ls1GFLia9JdA/2AtD41V6wpTIoWoN8wdHDOWTuO6
JTRDzTmLimjI38ca5ze26JJITueKK4MTpSL7eAcRopXfW4qoNi6Rc87hUUA/btT7
UhZGqeDVlyXTGQi5/KdL6BaFan+s6ILG/Ntuy9jCyohx/Jwrwx0XoksbjgTxYhhd
zYRlHG8XSEcGt9epHLm5G2Rnk8GfeuzuBtj512+QxsX6VrI2q3sHuIPIgA7Egsa4
LMNntcn156spvvrF2AbsGevCqKp+fka6JL6FT7cT7EHJ60spi93kLpKx+oN1j4wI
YInTT9ClPaEvj85EO5eKJdTAMPReB0Hj3ZvUeoj4Kvx1enenTG4=
=1Fc/
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to