Skip to Content
Technical Articles

Integrating SAP Identity Provider with Spring Boot Sample Application

There is a plethora of information available over the web about SAML and its jargons like Service Provider, Identity Provider, SAML assertion and so on. This blog mainly concentrates on integrating SAP Cloud Platform Identity Authentication Service (IAS) tenant as an alternative identity provider (IDP) with Spring Boot sample application.

Prerequisites:

Let’s jump into the steps involved in the configuration:

Step 1: Download IDP metadata

  • Go to the admin page of SAP IAS tenant.
    • Navigate to Applications and Resources -> Tenant Settings -> SAML 2.0 Configuration -> Click on Download Metadata File

  •  Save the file as idp_metadata.xml on your local machine.

Step 1: Generation of SAML key store ( Optional step )

  • Keystore provided with the sample application can also be used. For generating the keystore from scratch, below steps can be followed.
  • Open the Command prompt as Administrator and switch to the folder <JAVA_HOME>/bin
  • Run the following command to generate the keystore file

 keytool -genkey -alias <alias name> -keyalg RSA -keysize 2048 -sigalg SHA256withRSA – validity numberofdays -keypass <Key Password> -keystore samlKeystore.jks -storepass <Store Password>

For example:

keytool -genkey -alias SampleKey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 735 -keypass Password1 -keystore samlKeystore.jks -storepass Password1

Step 2: Changes in the Sample Application

Changes are mainly in the file WebSecurityConfig.java under the package “com.vdenotaris.spring.boot.security.saml.web.config”.

1. Here the idea is to load the metadata of IDP that is downloaded in the previous step. Code changes are mentioned below. Replace the path “<IDP_metadata_filepath>” below with the location where the IDP metadata is saved.

public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()throws MetadataProviderException {
    File metadatafile = new File("<IDP_metadata_filepath>/idp_metadata.xml");
    FilesystemMetadataProvider fileSystemMetadataProvider = new FilesystemMetadataProvider(this.backgroundTaskTimer, metadatafile);
    fileSystemMetadataProvider.setParserPool(parserPool());
    ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(fileSystemMetadataProvider, extendedMetadata());
    extendedMetadataDelegate.setMetadataTrustCheck(false);
    extendedMetadataDelegate.setMetadataRequireSignature(false);
    backgroundTaskTimer.purge();
    return extendedMetadataDelegate;
}​

2. Update the keystore details in KeyManger method as shown below.

public KeyManager keyManager() {
    DefaultResourceLoader loader = new DefaultResourceLoader();
    Resource storeFile = loader.getResource("classpath:/saml/samlKeystore.jks");
    String storePass = "Password1";  // Store password used while generating the SAML keystore 
    Map<String, String> passwords = new HashMap<String, String>();
    passwords.put("Samplekey", "Password1");// Alias name and key password used while generating the SAML keystore
    String defaultKey = "Samplekey";return new JKSKeyManager(storeFile, storePass, passwords, defaultKey);}

Step 3: Generate Service Provider Metadata

  • Run the sample application in https mode and open the link https://<FQDN>:8080/saml/metadata where <FQDN> is Fully Qualified Domain Name and 8080 is the https port.
  • Save the Service Provider Metadata as SP_Metadata.xml.

Step 4: Upload SP Metadata in IDP

  • Open the admin page of SAP IAS tenant.
  • Navigate to Applications & Resources -> Applications. Create a new application and click on Save.
  • Click on SAML 2.0 configuration and upload the SP_Metadata.xml, which was downloaded in the previous step.

Step 5: Testing

  • Open the link https://<FQDN>:8080 for testing the successful integration of IDP. It should redirect to the configured IDP.

 

 

 

 

 

Be the first to leave a comment
You must be Logged on to comment or reply to a post.