I need to implement SSO, preferably through OAuth 2. Can someone point me to sensible articles / examples? What I found has almost no comments.
- docs.spring.io/spring-security/site/docs/3.0.x/reference/... docs.spring.io/spring-security-saml/docs/current/reference/html/… - Vartlok
- Unfortunately, there is no ready-made example that I could simply build and run in order to understand whether it is what I need or not. - GermanSevostyanov
- And there will not be one if you do not specify what exactly you are integrating with. You need a certain provider that will be responsible for validating the user, and Spring Security is just a user of this provider. - Vartlok
- Could you please tell me which way to go to implement this? Do I need a ready-made provider (written by someone else), and SS will connect to it? I am very poorly oriented in this topic. - GermanSevostyanov
- CAS - en.wikipedia.org/wiki/Central_Authentication_Service; the integration with Spring is the first link in my first post. - Vartlok
1 answer
Alternatively, you can use CAS (as already indicated) or Gluu.
CAS does not provide the ability to manage users; for this you need to use an additional web service to manage the user database.
You can implement SSO, for example, using Spring. As the authentication mechanism, use OpenID Connect Basic (an OAuth 2.0 extension for authentication; you can find out more here). It is easily implemented using Spring Security OAuth. On the SSO server side, use the settings of the authorization service; on the client side, override the Spring Security filter chain (for example). Next, just implement OpenID Connect Basic.
Separately, I note that when using the Authorization Code Grant flow in OAuth 2.0, you can not use the ID Token described in the mechanism. This is mentioned in particular by Ryan Boyd in this book.
A more complete description of this kind of implementation can be found here:
- It is better to move the basic information from the links here, since if the links become invalid, the answer will be useless. Links can serve as a supplement. - Flowneee
- Reasonable, added additional information. - Vladislav Tankov
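
The client-side filter chain override mentioned in the answer, as an added example (not part of the original answer and not the Spring project's own code), written against the legacy Spring Security OAuth 2.x API. The SSO server URL, the client id, the `SSO_CLIENT_SECRET` environment variable, the `/login` path and a server that exposes `/oauth/check_token` are all assumptions.

```java
// Added example. Server URL, client id, secret variable and /login path are placeholder assumptions.
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

@Configuration
@EnableOAuth2Client // provides the session-scoped OAuth2ClientContext (holds state and tokens)
public class SsoClientSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String SSO = "https://sso.example.test"; // placeholder SSO server
    @Autowired private OAuth2ClientContext clientContext;

    private AuthorizationCodeResourceDetails ssoServer() {
        AuthorizationCodeResourceDetails d = new AuthorizationCodeResourceDetails();
        d.setClientId("demo-client");
        d.setClientSecret(System.getenv("SSO_CLIENT_SECRET")); // keep the secret out of source
        d.setUserAuthorizationUri(SSO + "/oauth/authorize");   // browser is redirected here
        d.setAccessTokenUri(SSO + "/oauth/token");             // code is exchanged here, server to server
        d.setScope(Arrays.asList("openid"));
        return d;
    }
    private OAuth2ClientAuthenticationProcessingFilter ssoFilter() {
        RemoteTokenServices tokens = new RemoteTokenServices(); // asks the SSO server to validate the token
        tokens.setCheckTokenEndpointUrl(SSO + "/oauth/check_token");
        tokens.setClientId("demo-client");
        tokens.setClientSecret(System.getenv("SSO_CLIENT_SECRET"));
        OAuth2ClientAuthenticationProcessingFilter f = new OAuth2ClientAuthenticationProcessingFilter("/login");
        f.setRestTemplate(new OAuth2RestTemplate(ssoServer(), clientContext));
        f.setTokenServices(tokens);
        return f;
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The context filter turns "redirect required" into the redirect to the SSO server;
        // the SSO filter sits behind it and completes the authorization code exchange on /login.
        http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterAfter(ssoFilter(), OAuth2ClientContextFilter.class)
            .exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
            .and().authorizeRequests().anyRequest().authenticated();
    }
}
```

On the server side, the registered client should allow only the `authorization_code` grant and an exact redirect URI matching this application's `/login` endpoint.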