Skip to content

lvillaca/springboot_saml_client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
keytool_cert_create.sh
keytool_cert_create.sh
 
 
reload.sh
reload.sh
 
 

Repository files navigation

This is an example of a SpringBoot SAML client, configured via gradle, currently being used for Keycloak clients.

It also simplifies the building process of a Docker container image, and can also dispatch a running container.

This example was created based on the project from https://github.com/vdenotaris/spring-boot-security-saml-sample Beware maven central may not find all the required libraries! Shibolet maven repository (https://build.shibboleth.net/nexus/content/repositories/releases/) is referenced in pom.xml frm this original project.

The following are usage instructions:

1 - If you do previously hold a certificate, extract a JKS for that, otherwise:

  • Run keytool_cert_create.sh to create the self-signed jks and X509 certificate
  • Keep the alias and password handy

2 - Create a SAML client entry under any IDP realm and map it to the app DNS

  • Import the X509 certificate in Keycloak settings for the client (SAML Keys)
  • Make sure Valid Redirect URLs are set, along with Logout Service Binding URLs

3 - Update src/main/resources/application.yml

  • Under ssl, set the keystore attributes based on step 1
  • Under key-manager, set the classpath, store-pass and alias based on the keystore above
  • Set metadata URL and entity id based on the realm and client id from step 2

4 - Add certificates information

  • Copy into src/main/resources/certs/ : the jks from step 1, and the keycloak truststore jks

  • The IDP certificate can be obtained via the following command line:

    • openssl s_client -connect idp_host_name:idp_port -showcerts
    • Crop the content between ---BEGIN CERTIFICATE--- and ---END CERTIFICATE---
    • And paste in a new file (idp.crt)

  • Further we create the jks

    • keytool -storetype JKS -import -trustcacerts -file yourIDP.crt -alias server -keystore idptruststore.jks -storepass truststorepass

  • And check IDP settings

5 - Update Dockerfile with keycloak client jks configuration

  • Set the build process to include it in the new container image
  • Set the Java Options attributes related to the truststore settings:
    • Path and jks name
    • Certificate type
    • Jks password

6 - Run reload.sh script to trigger build and initiate a container

7 - In IDP, add new SAML attributes related to the user

  • User SAML attributes should be mapped (see Mapper, under REALM/client configuration)
    • Add email and fullname (or any other attribute, and update index.html accordingly)

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages