A simple personal project to develop an Identity Provider. Version 1.0.0.
Icons provided by Iconixar
Identity Provider built with the following open source frameworks:
- Java 11
- Spring / Spring Security (5.x version)
- Hibernate (5.x version)
- Apache CXF (3.4.x version)
- OpenSAML (4.x version)
To change the KeyStore and Certificate (src/main/resources/cert), you can execute the following commands (step 1 generates a new PKCS12 keystore holding a 2048-bit RSA key pair; step 2 exports the corresponding certificate in PEM form):
1. keytool -genkey -validity 365 -alias ALIAS -keystore /path/to/x.p12 -keypass KEYPASS -storepass STOREPASS -keysize 2048 -keyalg RSA -dname "CN=DOMAIN" -storetype PKCS12
2. keytool -export -rfc -keystore /path/to/x.p12 -storepass STOREPASS -alias ALIAS -file /path/to/x.crt -storetype PKCS12
Supported SAML requests and the response each one receives:
- AuthnRequest -> Responds with a SAML Response
- LogoutRequest -> Responds with a SAML LogoutResponse
- ArtifactResolve -> Responds with a SAML ArtifactResponse
- AttributeQuery -> Responds with a SAML Response
Supported SSO flows:
- SP-initiated
- IdP-initiated
Supported bindings (with whether the signature on the incoming message is evaluated):
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (Signature not evaluated)
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST (Signature not evaluated)
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign (Signature is mandatory)
- urn:oasis:names:tc:SAML:2.0:bindings:SOAP [ArtifactResolve | AttributeQuery] (Signature not evaluated)
- urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact (Signature not evaluated)
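The binding list above states that the IdP does not evaluate request signatures on HTTP-Redirect and HTTP-POST, which means an AuthnRequest arriving over those bindings is accepted without proof that it came from the registered SP. The example below is added here to show what such a check has to reconstruct; it is not code from this project and uses only the Python standard library. It implements the HTTP-Redirect encoding (raw DEFLATE plus base64) with a decompression size cap, rebuilds the octet string that the SP signed for both HTTP-Redirect (URL-encoded values, taken verbatim from the raw query string) and HTTP-POST-SimpleSign (raw XML, no encoding), and only decodes the request after a caller-supplied `verify` callback has accepted the signature. The sample AuthnRequest, the entity IDs and the `sign`/`verify` callbacks (where a real deployment plugs in its XML-DSig/RSA library against the SP's registered key) are constructed assumptions.

```python
"""SAML 2.0 front-channel binding helpers (added example, stdlib only)."""
import base64
import urllib.parse
import zlib
from typing import Callable, Optional

# Algorithm URI the SP advertises in SigAlg; RSA-SHA256 is the usual choice.
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample request; the entity IDs are placeholders, not real endpoints.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "https://sp.example.test</saml:Issuer></samlp:AuthnRequest>"
)


def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (wbits=-15, no zlib header), then base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    return base64.b64encode(data).decode("ascii")


def decode_redirect(value: str, max_size: int = 64 * 1024) -> str:
    """Inverse of encode_redirect; refuses output above max_size (decompression bomb)."""
    raw = base64.b64decode(value, validate=True)
    decompressor = zlib.decompressobj(-15)
    xml = decompressor.decompress(raw, max_size)
    # Leftover input or a stream that never reached its end both mean "reject".
    if decompressor.unconsumed_tail or not decompressor.eof:
        raise ValueError("request exceeds size limit or is truncated")
    return xml.decode("utf-8")


def redirect_signed_content(raw_query: str) -> bytes:
    """Octet string signed on HTTP-Redirect: SAMLRequest=..&RelayState=..&SigAlg=..

    Values are taken verbatim from the raw query string because the SP signed its
    own URL-encoded form; re-encoding could yield a different but equivalent string.
    """
    encoded = {}
    for pair in raw_query.split("&"):
        key, _, value = pair.partition("=")
        encoded[key] = value
    missing = [k for k in ("SAMLRequest", "SigAlg") if k not in encoded]
    if missing:
        raise ValueError("missing query parameter(s): " + ", ".join(missing))
    order = ("SAMLRequest", "RelayState", "SigAlg")  # RelayState only if present
    return "&".join(f"{k}={encoded[k]}" for k in order if k in encoded).encode("ascii")


def simplesign_signed_content(xml: str, relay_state: Optional[str], sig_alg: str) -> bytes:
    """HTTP-POST-SimpleSign signs the raw XML joined with RelayState and SigAlg, no encoding."""
    parts = ["SAMLRequest=" + xml]
    if relay_state is not None:
        parts.append("RelayState=" + relay_state)
    parts.append("SigAlg=" + sig_alg)
    return "&".join(parts).encode("utf-8")


def build_redirect_query(xml: str, relay_state: Optional[str], sig_alg: str,
                         sign: Callable[[bytes], bytes]) -> str:
    """SP side: deflate+base64, URL-encode, sign the octet string, append Signature."""
    params = [("SAMLRequest", encode_redirect(xml))]
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    params.append(("SigAlg", sig_alg))
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    signature = base64.b64encode(sign(query.encode("ascii"))).decode("ascii")
    return query + "&Signature=" + urllib.parse.quote(signature, safe="")


def accept_redirect_request(raw_query: str,
                            verify: Callable[[bytes, bytes, str], bool]) -> str:
    """IdP side: reject unsigned or badly signed requests before decoding the XML.

    `verify(content, signature, sig_alg)` is assumed to check an XML-DSig style
    signature with the SP's registered public key and return True on success.
    """
    decoded = {k: v[0] for k, v in
               urllib.parse.parse_qs(raw_query, keep_blank_values=True).items()}
    if "Signature" not in decoded:
        raise ValueError("unsigned request rejected")
    content = redirect_signed_content(raw_query)
    signature = base64.b64decode(decoded["Signature"], validate=True)
    if not verify(content, signature, decoded["SigAlg"]):
        raise ValueError("signature verification failed")
    return decode_redirect(decoded["SAMLRequest"])
```

The size cap in `decode_redirect` matters because the compressed parameter is attacker-controlled input read before any authentication; the `eof` check additionally rejects truncated streams that `zlib` would otherwise return silently.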
Supported authentication context classes:
- urn:oasis:names:tc:SAML:2.0:ac:classes:Password (username / password over HTTP)
- urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport (username / password over HTTPS)
- urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient (certificate import over HTTPS)
- urn:oasis:names:tc:SAML:2.0:ac:classes:X509 (signature import over HTTPS)
Supported NameID formats:
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
- urn:oasis:names:tc:SAML:2.0:nameid-format:entity
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
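The persistent and transient formats in the list above (persistent is also the format the README's federation support is defined for) impose different properties on the value the IdP issues: a persistent NameID must be stable for one user at one SP yet opaque and not correlatable across SPs, while a transient NameID must be fresh for every assertion. The following is an added example, not the project's code, showing one standard-library way to meet both: a keyed HMAC over the user and SP identifiers for the persistent case and a random token for the transient case, serialised into a `<saml:NameID>` with the qualifiers a persistent identifier carries. The IdP entity ID and the pairwise secret are constructed placeholders.

```python
"""NameID issuance for the persistent and transient formats (added example)."""
import hashlib
import hmac
import secrets
from xml.sax.saxutils import escape

PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed placeholders; a real IdP keeps the secret alongside its signing key.
IDP_ENTITY_ID = "https://idp.example.test"
PAIRWISE_SECRET = b"constructed-secret-do-not-reuse"


def persistent_name_id(user_id: str, sp_entity_id: str,
                       secret: bytes = PAIRWISE_SECRET) -> str:
    """Stable, opaque, pairwise value: same user + same SP gives the same NameID,
    but two SPs receive unrelated values and cannot join their user tables."""
    message = (user_id + "\x00" + sp_entity_id).encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def transient_name_id() -> str:
    """Random per-assertion value; meaningless outside the session it was issued in."""
    return "_" + secrets.token_hex(16)


def _attr(value: str) -> str:
    """Escape a value for use inside a double-quoted XML attribute."""
    return escape(value, {'"': "&quot;"})


def name_id_element(value: str, name_format: str, sp_entity_id: str) -> str:
    """Serialise <saml:NameID>; NameQualifier/SPNameQualifier scope a persistent ID."""
    return (
        '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'Format="{_attr(name_format)}" NameQualifier="{_attr(IDP_ENTITY_ID)}" '
        f'SPNameQualifier="{_attr(sp_entity_id)}">{escape(value)}</saml:NameID>'
    )


def issue_name_id(user_id: str, sp_entity_id: str, name_format: str) -> str:
    """Pick the value generator from the requested NameIDPolicy format."""
    if name_format == PERSISTENT:
        value = persistent_name_id(user_id, sp_entity_id)
    elif name_format == TRANSIENT:
        value = transient_name_id()
    else:
        raise ValueError("unsupported NameID format: " + name_format)
    return name_id_element(value, name_format, sp_entity_id)
```

Because the persistent value is derived with a keyed hash rather than stored, rotating `PAIRWISE_SECRET` changes every issued identifier; a deployment that needs to rotate the key must map old values to new ones or store the issued value per (user, SP) pair instead.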
Features:
- Single Sign On
- Single Log Out
- Claim-based attributes
- Create and activate an account from scratch
- Manage the account through a web UI (ongoing)
- Federation support (defined for NameIDPolicy urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)
- Trust support
- Internationalization (front-end)
- Automatic metadata generation
- API documented with OpenAPI