tazouxme/saml-identity-provider
SAML Identity Provider (Simple personal project)

A simple personal project to develop an Identity Provider. Version 1.0.0.

Icons provided by Iconixar

Identity Provider using open source frameworks

  • Java 11
  • Spring / Spring Security (5.x version)
  • Hibernate (5.x version)
  • Apache CXF (3.4.x version)
  • OpenSAML (4.x version)
To change the KeyStore and certificate (src/main/resources/cert), run the following commands:
1. keytool -genkey -validity 365 -alias ALIAS -keystore /path/to/x.p12 -keypass KEYPASS -storepass STOREPASS -keysize 2048 -keyalg RSA -dname "CN=DOMAIN" -storetype PKCS12
2. keytool -export -rfc -keystore /path/to/x.p12 -storepass STOREPASS -alias ALIAS -file /path/to/x.crt -storetype PKCS12
Request types handled:
  • AuthnRequest -> Responds with a SAML Response
  • LogoutRequest -> Responds with a SAML LogoutResponse
  • ArtifactResolve -> Responds with a SAML ArtifactResponse
  • AttributeQuery -> Responds with a SAML Response
Supported initiation modes:
  • SP-initiated
  • IdP-initiated
Supported bindings:
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (Signature not evaluated)
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST (Signature not evaluated)
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign (Signature is mandatory)
  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP [ArtifactResolve | AttributeQuery] (Signature not evaluated)
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact (Signature not evaluated)
Supported AuthnContextClassRef:
  • urn:oasis:names:tc:SAML:2.0:ac:classes:Password (username / password over HTTP)
  • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport (username / password over HTTPS)
  • urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient (certificate import over HTTPS)
  • urn:oasis:names:tc:SAML:2.0:ac:classes:X509 (signature import over HTTPS)
Accepted NameIDPolicy:
  • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
  • urn:oasis:names:tc:SAML:2.0:nameid-format:entity
  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  • urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
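The three lists above (bindings, AuthnContextClassRef values, NameIDPolicy formats) describe what an inbound AuthnRequest is checked against, and the binding list notes that HTTP-Redirect and HTTP-POST requests are accepted without signature evaluation. The following Python script is an added example, not code from the saml-identity-provider project: it implements the HTTP-Redirect binding encoding (raw DEFLATE, base64, URL-encoding), decodes an incoming query string, and reports whether the request carried signature parameters at all, whether its Issuer is present, and whether its NameIDPolicy format and requested AuthnContextClassRef fall within the accepted and supported sets from this README. The sample requests, the `example.test` hostnames and the request ID are constructed; the accepted/supported sets are copied from the lists above.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, parse_qs

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# NameIDPolicy formats the README lists as accepted.
ACCEPTED_NAMEID_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified",
}

# AuthnContextClassRef values the README lists as supported.
SUPPORTED_AUTHN_CONTEXTS = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
}


def redirect_binding_encode(xml_bytes, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw DEFLATE
    deflated = comp.compress(xml_bytes) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return urlencode(params)


def redirect_binding_decode(query):
    """Reverse the encoding; return (xml_bytes, parsed query parameters)."""
    params = parse_qs(query, keep_blank_values=True)
    deflated = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(deflated, -15), params


def inspect_authn_request(query):
    """Decode a redirect-binding query and report what an IdP should look at."""
    xml_bytes, params = redirect_binding_decode(query)
    root = ET.fromstring(xml_bytes)
    findings = []

    # In the Redirect binding the signature travels in separate query
    # parameters, so "unsigned" is visible before the XML is parsed. This is
    # only a presence check; verification needs the SP certificate from metadata.
    signed = "Signature" in params and "SigAlg" in params
    if not signed:
        findings.append("request is unsigned (Signature/SigAlg absent)")

    issuer_el = root.find("saml:Issuer", NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    if issuer is None:
        findings.append("Issuer missing; cannot map request to a known SP")

    policy = root.find("samlp:NameIDPolicy", NS)
    nameid_format = policy.get("Format") if policy is not None else None
    nameid_accepted = nameid_format is None or nameid_format in ACCEPTED_NAMEID_FORMATS
    if not nameid_accepted:
        findings.append(f"NameIDPolicy format not accepted: {nameid_format}")

    ctx_el = root.find("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    authn_context = ctx_el.text.strip() if ctx_el is not None and ctx_el.text else None
    context_supported = authn_context is None or authn_context in SUPPORTED_AUTHN_CONTEXTS
    if not context_supported:
        findings.append(f"AuthnContextClassRef not supported: {authn_context}")

    return {
        "id": root.get("ID"),
        "signed": signed,
        "issuer": issuer,
        "nameid_format": nameid_format,
        "nameid_accepted": nameid_accepted,
        "authn_context": authn_context,
        "authn_context_supported": context_supported,
        "findings": findings,
    }


def build_sample_request(nameid_format, authn_context):
    """Constructed AuthnRequest for demonstration (not captured traffic)."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-request-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://idp.example.test/saml/sso"
    AssertionConsumerServiceURL="https://sp.example.test/saml/acs">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
  <samlp:NameIDPolicy Format="{nameid_format}" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{authn_context}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>""".encode("utf-8")


if __name__ == "__main__":
    req = build_sample_request(
        "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
    print(inspect_authn_request(redirect_binding_encode(req, "state-1")))
```

Running the script on the constructed request reports one finding, "request is unsigned", which is exactly the condition the binding list says this IdP does not evaluate for HTTP-Redirect; an operator who wants to know how many SPs actually send unsigned requests can run the same inspection over the IdP's access log before deciding whether to require signatures. The `signed` flag is deliberately a presence check only: real verification recomputes the signed string (`SAMLRequest`, optional `RelayState`, `SigAlg`) and checks it against the SP's certificate from metadata.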
Services implemented:
  • Single Sign-On
  • Single Logout
  • Claim-based attributes
  • Create and activate an account from scratch
  • Manage the account through a web UI (in progress)
  • Federation support (defined for NameIDPolicy urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)
  • Trust support
  • Internationalization (Front-end)
  • Automatic Metadata generation
  • API documented with OpenAPI
