Re: Configuration of Tomcat Container to use SAML authentication

2018-06-11 Thread Luis Rodríguez Fernández
Hello Sandeep,

Both the Keycloak SAML adapter [1] and the servlet filter [2] work for me
out-of-the-box.

I am using Tomcat 9.0.5.

Cheers,

Luis


[1] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
[2] https://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter

2018-06-09 14:09 GMT+02:00 Arnaud Yahoo :

> Hello,
>
> I recently tried (with success) the tomcat Valve from Fediz (Apache CXF)
>
> http://cxf.apache.org/fediz-tomcat.html
>
> Note that you need to take a recent 1.4.4 snapshot, because 1.4.3 has some
> bugs preventing it from working with SAML.
>
> Hope this helps
>
> Arnaud
>
>
>
> On 08/06/2018 21:49, Christopher Schultz wrote:
>
>> Sandeep,
>>
>> On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote:
>>
>>> We are trying to implement SAML SSO configuration on Tomcat 8.5.X
>>> servers. As we came to know that there is no direct
>>> implementation of this authentication process through some of the
>>> blogs and need to depend on third party tools to make it possible.
>>> As we are seeing so many tools while searching for this but not
>>> getting exact information to use which tool. Do we have any Apache
>>> recommended tools for this?
>>>
>> I don't have a particular recommendation for you, but if you find
>> something that works well, would you mind sharing your experience with
>> the community?
>>
>> I have implemented SAML SSO myself, but we don't use Tomcat's built-in
>> authentication and authorization framework, so it wouldn't be applicable.
>>
>> You will almost certainly have to implement a Valve (which is a
>> Tomcat-specific component) to accomplish this. You might want to look
>> at the org.apache.catalina.authenticator.FormAuthenticator source code
>> to see how it's done. Much of the heavy-lifting is done by the
>> AuthenticatorBase class, but the
>> doAuthenticate(Request,HttpServletResponse) method is where the "real
>> work" gets done to handle the incoming data, etc.
>>
>> I suspect if you began with that code and started chopping-out pieces
>> and replacing them with parsing of the SAML response, validating and
>> verifying its authenticity, and then obtaining the user's identity
>> through the various SAML attributes sent by the identity provider, you
>> could get quite far on your own.
>>
>> If you want to use an outside authentication system, it wouldn't
>> surprise me to discover that Spring Security already had a plug-in for
>> this kind of thing.
>>
>> Hope that helps,
>> -chris
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Configuration of Tomcat Container to use SAML authentication

2018-06-09 Thread Arnaud Yahoo

Hello,

I recently tried (with success) the tomcat Valve from Fediz (Apache CXF)

http://cxf.apache.org/fediz-tomcat.html

Note that you need to take a recent 1.4.4 snapshot, because 1.4.3 has
some bugs preventing it from working with SAML.

Hope this helps

Arnaud


On 08/06/2018 21:49, Christopher Schultz wrote:

> Sandeep,
>
> On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote:
>
>> We are trying to implement SAML SSO configuration on Tomcat 8.5.X
>> servers. As we came to know that there is no direct
>> implementation of this authentication process through some of the
>> blogs and need to depend on third party tools to make it possible.
>> As we are seeing so many tools while searching for this but not
>> getting exact information to use which tool. Do we have any Apache
>> recommended tools for this?
>
> I don't have a particular recommendation for you, but if you find
> something that works well, would you mind sharing your experience with
> the community?
>
> I have implemented SAML SSO myself, but we don't use Tomcat's built-in
> authentication and authorization framework, so it wouldn't be applicable.
>
> You will almost certainly have to implement a Valve (which is a
> Tomcat-specific component) to accomplish this. You might want to look
> at the org.apache.catalina.authenticator.FormAuthenticator source code
> to see how it's done. Much of the heavy-lifting is done by the
> AuthenticatorBase class, but the
> doAuthenticate(Request,HttpServletResponse) method is where the "real
> work" gets done to handle the incoming data, etc.
>
> I suspect if you began with that code and started chopping-out pieces
> and replacing them with parsing of the SAML response, validating and
> verifying its authenticity, and then obtaining the user's identity
> through the various SAML attributes sent by the identity provider, you
> could get quite far on your own.
>
> If you want to use an outside authentication system, it wouldn't
> surprise me to discover that Spring Security already had a plug-in for
> this kind of thing.
>
> Hope that helps,
> -chris



Re: Configuration of Tomcat Container to use SAML authentication

2018-06-08 Thread Christopher Schultz

Sandeep,

On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote:
> We are trying to implement SAML SSO configuration on Tomcat 8.5.X
> servers. As we came to know that there is no direct
> implementation of this authentication process through some of the
> blogs and need to depend on third party tools to make it possible.
> As we are seeing so many tools while searching for this but not
> getting exact information to use which tool. Do we have any Apache
> recommended tools for this?

I don't have a particular recommendation for you, but if you find
something that works well, would you mind sharing your experience with
the community?

I have implemented SAML SSO myself, but we don't use Tomcat's built-in
authentication and authorization framework, so it wouldn't be applicable.

You will almost certainly have to implement a Valve (which is a
Tomcat-specific component) to accomplish this. You might want to look
at the org.apache.catalina.authenticator.FormAuthenticator source code
to see how it's done. Much of the heavy-lifting is done by the
AuthenticatorBase class, but the
doAuthenticate(Request,HttpServletResponse) method is where the "real
work" gets done to handle the incoming data, etc.

I suspect if you began with that code and started chopping-out pieces
and replacing them with parsing of the SAML response, validating and
verifying its authenticity, and then obtaining the user's identity
through the various SAML attributes sent by the identity provider, you
could get quite far on your own.

If you want to use an outside authentication system, it wouldn't
surprise me to discover that Spring Security already had a plug-in for
this kind of thing.

Hope that helps,
-chris
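
Added example (not part of the original thread, and not code from Tomcat or any project named in it): one way the doAuthenticate(Request,HttpServletResponse) approach described in the message above could look on Tomcat 8.5/9 (javax.servlet), verifying the assertion's XML signature with the JDK's javax.xml.crypto.dsig and registering the NameID as the principal. The class name SamlPostAuthenticator, the setIdpKey setter, and an IdP that signs the Assertion element and POSTs it as SAMLResponse are assumptions; the block covers signature and identity only, so Conditions, audience and replay checks still have to be added around it.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Collections;
import javax.servlet.http.HttpServletResponse;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
import org.w3c.dom.Element;

public class SamlPostAuthenticator extends AuthenticatorBase {   // hypothetical class name
    private static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private PublicKey idpKey;   // assumption: the IdP's signing key, taken from its metadata
    public void setIdpKey(PublicKey key) { this.idpKey = key; }
    @Override protected String getAuthMethod() { return "SAML"; }

    @Override
    protected boolean doAuthenticate(Request req, HttpServletResponse res) throws IOException {
        if (checkForCachedAuthentication(req, res, true)) return true;
        try {
            String user = verifiedNameId(Base64.getMimeDecoder().decode(req.getParameter("SAMLResponse")));
            // No roles are mapped here; attribute-to-role mapping is deployment specific.
            register(req, res, new GenericPrincipal(user, null, Collections.emptyList()), "SAML", user, null);
            return true;
        } catch (Exception e) {   // missing, malformed or unverifiable response: fail closed
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
    }

    // Returns the NameID only if the assertion itself is covered by a valid IdP signature.
    String verifiedNameId(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Element a = (Element) f.newDocumentBuilder().parse(new ByteArrayInputStream(xml))
                .getElementsByTagNameNS(NS, "Assertion").item(0);
        a.setIdAttribute("ID", true);   // lets the "#id" reference resolve without a schema
        DOMValidateContext ctx = new DOMValidateContext(idpKey,
                a.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        // The signed reference must be this assertion, not some other element in the document.
        if (!sig.validate(ctx) || !ref.getURI().equals("#" + a.getAttribute("ID")))
            throw new SecurityException("assertion not signed by the configured IdP");
        return a.getElementsByTagNameNS(NS, "NameID").item(0).getTextContent();
    }
}
```
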



Configuration of Tomcat Container to use SAML authentication

2018-06-08 Thread Sandeep Muddamsetty
Hi,
We are trying to implement SAML SSO configuration on Tomcat 8.5.X servers.
As we came to know that there is no direct implementation of this
authentication process through some of the blogs and need to depend on third
party tools to make it possible. As we are seeing so many tools while
searching for this but not getting exact information to use which tool. Do we
have any Apache recommended tools for this?

Thanks In Advance .




Thanks & Regards,
-
Sandeep Muddamsetty |  V3OPS Group
Email ID : smuddamse...@vitechinc.com
-


