How to create a SSO Service Provider?

I am new to the concept of Single Sign On. We already have a Java web application which manages its users. Now the requirement is that the authentication will be provided by the SSO IdP at customer end (using SAML) after which the request will be forwarded to our application. Since I haven’t implemented anything like this before, I need to clarify the following queries to proceed further:

  1. How to check that the request comes after authentication from SSO IdP?
  2. How to manage the session? Because the session will be created at customer end.
  3. If they hit logout, is it better to stay in our application or to redirect to their application from which the user accesses ours?

There is an internal application at customer end which contains links to many applications which make use of the same SSO IdP. The user can’t access internet directly.

Any tutorials or starting point which will help me to understand SSO initiated from IdP side will be helpful.

Thank You.

Answer

SSO is usually done using a ready SSO product, for example OpenAM or Shibboleth.

  1. This differs from product to product but normally the application installs an agent that acts as a filter that checks if the user is authenticated with the IDP, if not the filter redirects the user to the IDP.
  2. Normally there is an authenticated session in the SSO products that only keeps the state of authentication, you still have a session on your application to keep application specific user information.
  3. This can also be handled by the product. There are generally two ways to do logout: by redirect or SOAP. With redirect the user is redirected to the IDP and then the different SPs that it's signed into. In SOAP your application does a webservice call to the IDP, requesting logout. The IDP then sends logout requests to the other SPs. Redirect is the recommended method.

I recommend reading the technical overview on SAML from OASIS.

On my blog I have some posts giving some introduction to SAML

A short introduction to SAML

SAML Web Profile

In my book, A Guide To OpenSAML, I also write a lot about this.

User contributions licensed under: CC BY-SA
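
The filter pattern from points 1 and 2 of the answer, sketched as an added example that is not part of the original answer or of any SSO product's agent. It assumes the Jakarta Servlet API 5.0 or later on Java 9+, and that a SAML library (such as OpenSAML, named in the answer) has already verified the response's signature and conditions before `establishSession` is called; the class name, session attribute names and `/saml/*` paths are hypothetical.

```java
import java.io.IOException;
import java.util.Set;
import jakarta.servlet.*;
import jakarta.servlet.http.*;

/** Added example: gates the application on its own session, which exists only after SSO. */
public class SsoSessionFilter implements Filter {
    // Hypothetical names, chosen for this example only.
    static final String SUBJECT_ATTR = "sso.subject";   // set only after a validated assertion
    static final String RETURN_ATTR = "sso.returnTo";   // local path to resume after login
    static final String LOGIN_PATH = "/saml/login";     // endpoint where the SAML library starts SSO
    // SAML endpoints must be reachable without a local session; exact match, never a prefix.
    static final Set<String> SAML_ENDPOINTS = Set.of("/saml/acs", LOGIN_PATH, "/saml/logout");

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Use the container-decoded path rather than the raw request URI for the allow-list check.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);

        HttpSession session = request.getSession(false);
        boolean authenticated = session != null && session.getAttribute(SUBJECT_ATTR) != null;
        if (authenticated || SAML_ENDPOINTS.contains(path)) {
            chain.doFilter(req, res);
            return;
        }
        // Not authenticated: remember a path inside this application only (never a full URL
        // taken from the request), then hand over to the SAML login endpoint.
        String query = request.getQueryString();
        request.getSession(true).setAttribute(RETURN_ATTR, query == null ? path : path + "?" + query);
        response.sendRedirect(request.getContextPath() + LOGIN_PATH);
    }

    /** Call from the assertion consumer endpoint, after the SAML library accepted the response. */
    static void establishSession(HttpServletRequest request, String nameId) {
        request.getSession(true);      // an IdP-initiated login may arrive with no prior session
        request.changeSessionId();     // new session id at login, so a pre-login id cannot be reused
        request.getSession().setAttribute(SUBJECT_ATTR, nameId);
    }
}
```

The application session created here is separate from the IdP's authentication session, so it needs its own timeout and has to be invalidated when a logout request arrives.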