问题描述
我有几个 SAML 实施问题来澄清我的困惑......
我需要在 Java 网络应用中实现 SSO.
为此,我是否需要在我的主机上安装 Shibboleth SP 像这样,或者我可以通过 OpenSAML 提供 SP 功能吗?
我假设 shibboleth 的功能与 OpenSAML 相同,但只是在网络服务器级别,而 OpenSAML 将在软件方面进行.这个假设正确吗?
所以 shibboleth(根据 Scott Cantor 的说法)是用 OpenSAML 构建的......我的假设仍然成立吗?
使用 OpenSAML 需要什么?只是 IdP 网址和向 idP 的注册?
我是否需要提供一个 SP 目录,例如活动目录/LDAP?
感谢您的回答,但有人可以直接回答问题吗以上并详细说明它们......
您需要 Java 和 Web 容器,并在您的战争中包含 opensaml 库.
您需要在本地缓存 IdP 元数据或在每次要发送 AuthnRequest 或处理 SAMLResponse 时查找它.此外,您必须在 IdP 端注册您的 SP 元数据.
如果您使用 Shibboleth 作为 IdP,则应在 conf/relying-party.xml 文件中设置 SP 元数据.
我是否需要提供一个 SP 目录,例如活动目录/LDAP?
为了登录IdP,您需要在IdP端设置ldap或数据库服务器,并在conf/attribute-resolver.xml和conf/login.config中进行配置.
I got a couple of SAML implementation questions to clear up my confusion ...
I need to implement SSO in a java web app.
In order to do so, do I need Shibboleth SP installed on my host like so, or can I provide the SP functionality via OpenSAML?
I am assuming that shibboleth is doing the same as OpenSAML but just on a webserver level, whereas OpenSAML will do it on the software side. Is that assumption correct?
What will be needed to use OpenSAML? Just the IdP url and a registration with the idP?
Do I need to provide an SP directory, e.g. ActiveDirectory/LDAP?
You need Java and a web container, and include opensaml library in you war.
You need to cache IdP metadata locally or look it up each time when you want to send AuthnRequest or process SAMLResponse. Also you have to register your SP metadata on IdP side.
If you are using Shibboleth as your IdP, the SP metadata should be setup in conf/relying-party.xml file.
In order to login in IdP, you need to set up ldap or database server on IdP side and config it in conf/attribute-resolver.xml and conf/login.config.
这篇关于为了实施 SAML,我是否需要在我的主机上安装 Shibboleth SP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!