Most apps I have seen implement it themselves using a SAML framework like
Spring. Usually they build the functionality into their app. I suppose you
could build a Tomcat implementation; Tomcat supports J2EE, so you could
leverage those mechanisms to get the Tomcat session. I don't think there is
anything OOTB for Tomcat SAML. Essentially you need to create a couple of
endpoints, one for SAML metadata retrieval/generation and one for parsing
an incoming SAML assertion, assuming you're providing a service with your
app. You would also want a logout endpoint. You will also need to figure
out login, as your app needs to redirect to the IDP in the event a user
does not have a session. Some SPs have a local login and IDP login, so you
would have to implement that.

In my quick Google searching there seems to be a tool called PicketLink
that might do some of this for you. This seems to be a decent write-up,
although I haven't used it.
https://dzone.com/articles/saml-single-sign-on-with-tomcat-and-picketlink


On Tue, Dec 22, 2020 at 12:04 PM Steve Sanders <stevesander...@gmail.com>
wrote:

> Just to add on to the options already listed (which I'm sure work just
> great!), we used openSAML and wrote our own valve fairly painlessly and
> have been having really good success with it.
>
> Steve Sanders
>
> On Mon, Dec 21, 2020 at 1:17 PM George Stanchev <
> george.stanc...@microfocus.com> wrote:
>
> > We use spring-security-saml for an application-level SP implementation and
> > it works pretty well too. The project is in the process of being rewritten
> > from scratch though, with 2.0 in milestone builds. No direct integration
> > with Tomcat though, but on the application level.
> >
> > George
> >
> > -----Original Message-----
> > From: André Warnier (tomcat/perl) <a...@ice-sa.com>
> > Sent: Thursday, December 17, 2020 8:42 AM
> > To: users@tomcat.apache.org
> > Subject: Re: Tomcat SSO valve implementation
> >
> > On 16.12.2020 19:39, Kevin Oxley wrote:
> > > We are trying to support SSO SAML 2.0 for user authentication in Tomcat
> > > (9.0.22). Can anybody provide a reference to a pre-integrated SAML SSO
> > > valve implementation that you've had a good experience with?
> > >
> >
> > Searching Google for "SAML SP for servlet engine" gives a few links,
> > among them this one:
> >
> > https://dzone.com/articles/saml-single-sign-on-with-tomcat-and-picketlink
> >
> > I haven't tried it myself. In my cases, I always use an Apache httpd
> > front-end, which does the authentication prior to proxying to a back-end
> > Tomcat (with the Connector attribute 'tomcatAuthentication="false"'). In
> > the front-end Apache2 httpd then, we use Shibboleth as the SAML SP side.
> > That works perfectly.
> >
>


-- 
Thanks,
Brian Wolfe
https://www.linkedin.com/in/brian-wolfe-3136425a/
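André's httpd-front-end arrangement, written out as an added configuration example (this is not any poster's own config; port, address and the secret value are placeholders). The point it shows is that tomcatAuthentication="false" makes Tomcat accept whatever user identity httpd forwards over AJP, so the AJP connector must be reachable only from httpd: bound to loopback and protected with a shared secret.

```xml
<!-- Tomcat 9 conf/server.xml fragment (added example; values are placeholders) -->

<!-- WEAK: listens on every interface with no secret. Anyone who can open a
     TCP connection to port 8009 can hand Tomcat an arbitrary REMOTE_USER,
     because tomcatAuthentication="false" tells Tomcat to trust the identity
     the front-end forwards instead of authenticating the request itself. -->
<!--
<Connector protocol="AJP/1.3"
           port="8009"
           tomcatAuthentication="false" />
-->

<!-- HARDENED: same trust relationship, but only the local httpd can use it.
     address= limits the listener to loopback (use the front-end's private
     address if httpd runs on another host behind a firewall), and
     secretRequired/secret make Tomcat reject AJP requests that do not carry
     the same secret httpd is configured with. -->
<Connector protocol="AJP/1.3"
           address="127.0.0.1"
           port="8009"
           secretRequired="true"
           secret="CHANGE-ME-long-random-string"
           tomcatAuthentication="false"
           redirectPort="8443" />
```

On the httpd side, `ProxyPass / ajp://127.0.0.1:8009/ secret=CHANGE-ME-long-random-string` (mod_proxy_ajp, httpd 2.4.42 or later) supplies the matching secret, and the Shibboleth `<Location>` block (`AuthType shibboleth`, `ShibRequestSetting requireSession 1`, `Require valid-user`) must cover every proxied path, since Tomcat performs no authentication of its own in this setup.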
