Hello Chris,

- Manually create DOM: agree with you, I would not go in that direction. I
did it years ago when I developed a logout servlet for weblogic. You can
have a look at the code here [1] and feel my pain :)
- Library: I remember testing opensaml [2], it was the most popular at that
time but it is not supported anymore :(

I am not sure what your scenario is, perhaps it is very specific and you do
not have any other choice than to get your hands dirty and implement something
on your own. However, if what you have in mind fits in this diagram [3] and
you are running in tomcat :) I would use keycloak [4], for us it is working
great.

Hope it helps,

Luis


[1] https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
[2] https://stackoverflow.com/a/9080912/637409
[3] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
[4] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter


On Tue, 16 Mar 2021 at 23:22, André Warnier (tomcat/perl) (<a...@ice-sa.com>)
wrote:

> Alternatively, see this :
> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
>
> On 16.03.2021 21:18, Christopher Schultz wrote:
> > Robert,
> >
> > On 3/16/21 14:33, Robert Turner wrote:
> >> Chris,
> >>
> >> I'm not sure if it will do what you want, but when sourcing Java-based SAML
> >> libraries for our use as an SP, I too found that most of the libraries were
> >> much larger and more complicated than I thought necessary. We went with the
> >> (limited but simple to use) OneLogin libraries for our use case. It doesn't
> >> do everything by any means, but was considerably smaller and simpler than
> >> most packages out there.
> >
> > I did see the OneLogin library. You mean this one, right?
> > https://github.com/onelogin/java-saml
> >
> > Is there anything tied to any particular service for that? Or do they simply give away
> > their library for use anywhere?
> >
> > Thanks,
> > -chris
> >
> >> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >>
> >>> All,
> >>>
> >>> I've got a system which is accepting one-legged, signed SAML responses
> >>> from trusted third parties and doing all the right things. It's working
> >>> great.
> >>>
> >>> It's time to look at doing the opposite: assembling our own SAML
> >>> responses, signing them, and sending them to another party.
> >>>
> >>> I'm sure I could manually create a DOM document with all the right
> >>> namespaces, add the various values that I need, and then use XML DSIG
> >>> using the bits and pieces that are provided by Java directly, but
> >>> there's got to be a nice compact library that doesn't require me to
> >>> download the entire internet in order to use in my product.
> >>>
> >>> Any recommendations?
> >>>
> >>> Thanks,
> >>> -chris
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>
> >>>
> >>
> >
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
