
I am new to Spring Security SAML and to SSO as well, really. Anyway, I am developing an application where I am implementing SSO using Spring Security SAML. The IdP I use is OneLogin.

At the moment I can sign in to my application using SAML, both SP-initiated and IdP-initiated. So far so good.

What I would like to know is how I can log in with SP-initiated SSO and get authenticated to multiple resources inside my application, for example Tableau Server.

I am not sure how to approach this scenario. Do I need multiple samlEntryPoints for different resources, multiple IdP metadata files, cookies, or to store an authentication token somewhere?

How do I do this?

Thx!


1 Answer

You need to configure your other SPs with the IdP server. Use the IdP metadata file inside your other service (SP) and then generate an SP metadata file, which you need to upload to the IdP server to configure this SP as well.

Now you can log in to any SP using SP-initiated or IdP-initiated SSO. The user will get authenticated in all connected SPs if they are present in their DB, or based on your authentication implementation.

You can refer to a link.

  • The issue for me is not so much the ability to access different services. It is more about the authentication implementation. At the moment, when I log in to my application, the SP-initiated SSO works fine. When I navigate to a page in my application where I try to access some resource from another service, I am unauthorized. If I click on access for that resource on that page, I get authorized by my IdP. I am not sure how I approach the authentication process to automatically get authorized to the other services as well from my samlEntryPoint and have actual SSO. – Oscar J Jul 21 '15 at 08:45
  • I implemented the same scenario with two SPs, where I am accessing the second SP's data inside my first SP page after authentication. I am not sure whether you have a common userName across all SPs. – ManojP Jul 21 '15 at 08:49
  • For most of the users that's the case! – Oscar J Jul 21 '15 at 09:08
  • Have you configured all SPs with the IdP using SP metadata and IdP metadata? – ManojP Jul 21 '15 at 09:11
  • Yes, I have no problem connecting to any of the SPs with SAML. – Oscar J Jul 21 '15 at 09:12
  • How are you trying to access another SP from your first SP page? – ManojP Jul 21 '15 at 09:17
  • I have tried different approaches, but I am not sure how you are supposed to do this. I have tried multiple samlEntryPoints for different resources. I have tried using multiple IdP metadata files. – Oscar J Jul 21 '15 at 09:24
  • I trashed the samlEntryPoint part pretty quickly since that won't be SSO :P – Oscar J Jul 21 '15 at 09:24
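The mechanism the answer relies on, written out as an added example that is not part of the question, the answer, or Spring Security SAML itself: the IdP keeps its own session, and every SP that has exchanged metadata with it gets a fresh assertion scoped to that SP. Forwarding the application's assertion to Tableau does not work, because each SP checks the AudienceRestriction, so the second login has to be a second AuthnRequest, answered silently by the IdP session. Real SAML uses XML and XML-DSig; here the assertion is a dict, the signature is an HMAC with a constructed key, and the entity IDs, user name and password are all made up for the example.

```python
# Added example: simulation of IdP-session SSO across two SPs and of the
# audience check that rejects an assertion forwarded from one SP to another.
# The HMAC "signature", the dict-shaped assertion, the entity IDs and the
# credentials are assumptions made to keep the example self-contained.
import hashlib
import hmac
import json
import secrets
import time

IDP_SIGNING_KEY = b"constructed-idp-key"  # stand-in for the IdP's signing key


def sign(assertion: dict) -> str:
    """Stand-in for XML-DSig: HMAC over the canonical JSON form of the assertion."""
    payload = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).hexdigest()


class IdentityProvider:
    """Issues one assertion per SP; the IdP session is keyed by a browser cookie."""

    def __init__(self, registered_sps):
        self.registered_sps = set(registered_sps)  # entity IDs from uploaded SP metadata
        self.sessions = {}                         # cookie -> authenticated subject
        self.prompted_logins = 0                   # how often the user actually typed a password

    def authn_request(self, sp_entity_id, cookie, credentials=None):
        if sp_entity_id not in self.registered_sps:
            raise PermissionError(f"unknown SP {sp_entity_id}; no metadata on file")
        if cookie not in self.sessions:
            # No IdP session yet: the user has to log in for real.
            if credentials is None:
                raise PermissionError("login required")
            subject, password = credentials
            if password != "correct-horse":  # constructed credential check
                raise PermissionError("bad password")
            cookie = secrets.token_hex(8)
            self.sessions[cookie] = subject
            self.prompted_logins += 1
        now = int(time.time())
        assertion = {
            "subject": self.sessions[cookie],
            "audience": sp_entity_id,       # AudienceRestriction: only this SP may accept it
            "not_before": now,
            "not_on_or_after": now + 300,
            "id": secrets.token_hex(8),     # assertion ID, used for replay detection
        }
        return cookie, assertion, sign(assertion)


class ServiceProvider:
    """Validates signature, audience, validity window and replay before trusting a subject."""

    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.seen_ids = set()

    def consume(self, assertion, signature, now=None):
        now = int(time.time()) if now is None else now
        if not hmac.compare_digest(sign(assertion), signature):
            raise ValueError("signature invalid")
        if assertion["audience"] != self.entity_id:
            raise ValueError("audience mismatch: assertion was issued for another SP")
        if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
            raise ValueError("assertion outside its validity window")
        if assertion["id"] in self.seen_ids:
            raise ValueError("replayed assertion")
        self.seen_ids.add(assertion["id"])
        return assertion["subject"]


def sso_walkthrough():
    idp = IdentityProvider(["https://myapp.example/sp", "https://tableau.example/sp"])
    myapp = ServiceProvider("https://myapp.example/sp")
    tableau = ServiceProvider("https://tableau.example/sp")

    # 1. SP-initiated login at the application: no IdP session, so the user is prompted.
    cookie, a1, s1 = idp.authn_request(myapp.entity_id, cookie=None,
                                       credentials=("oscar", "correct-horse"))
    user_at_app = myapp.consume(a1, s1)

    # 2. The app page needs Tableau. Tableau sends its own AuthnRequest; the IdP
    #    session cookie is present, so a new assertion is issued without a prompt.
    _, a2, s2 = idp.authn_request(tableau.entity_id, cookie=cookie)
    user_at_tableau = tableau.consume(a2, s2)

    # 3. Forwarding the app's assertion to Tableau instead is rejected (audience).
    try:
        tableau.consume(a1, s1)
        forwarded_accepted = True
    except ValueError:
        forwarded_accepted = False

    return {
        "user_at_app": user_at_app,
        "user_at_tableau": user_at_tableau,
        "prompted_logins": idp.prompted_logins,
        "forwarded_assertion_accepted": forwarded_accepted,
    }


if __name__ == "__main__":
    print(sso_walkthrough())
```

The walkthrough ends with one prompted login and two authenticated SPs, which is the behaviour the answer describes once each SP's metadata is registered at the IdP. The rejected step 3 is why a single samlEntryPoint or a forwarded token cannot stand in for the second SP's own trust relationship: the application's job is only to send the user to Tableau's SAML entry point and let the IdP session do the rest.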