New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Saml2 Federation Enhancements #12840
Comments
Great. Perhaps you can look through this SAML WebSSO Technology Profile V1.0.0.pdf for some more things to consider? Thanks. |
Edit: |
While some are loosely related, these tickets are what was needed to support multiple asserting parties from one provider. I think the confusion comes from the fact that a |
Hello, Would you and anyone happen to know if this is possible? Thanks for any suggestions. |
Hi, @coffeebeantraining! The best place for this question is StackOverflow, which we monitor regularly for questions like that one. If you've already asked there, feel free to paste your link here for increased visibility. The short answer to your question is Spring Security is designed to run within any standard servlet container. If you are planning on using Tomcat, you might consider Spring Boot, which embeds Tomcat and simplifies configuration and deployment a great deal. |
@jzheaux Thank you for reply. In our situation we need to be able to use the container, either Tomcat or TomEE as the container and just include the plugin jar or extension and be able to configure it to act as the Service Provider. I'm not sure how that work work with Spring Boot and embedding tomcat. We're not looking to build any apps, but rather migrate existing apps (war files) without access to source code and be able to integrate with MSFT Entra ID SAML. I did get a proof of concept working with Apache Fediz Tomcat plugin, but that was compiled with JDK8 so it doesn't work in our situation because we're using TomEE as the container with JDK21 and I believe Fediz is using javax whereas TomEE uses Jarkarta. |
Posted a question on Stack Overflow and hoping someone can provide some insight, Thanks, |
A common SAML use case is where authentication is federated by an identity provider of more than one issuer.
It would be nice for Spring Security to simplify this. There are already a number of tickets in place to achieve this; they are aggregated here:
RelyingPartyRegistrations#collectionFromMetadataLocation
The text was updated successfully, but these errors were encountered: