how to create own IDP for SAML in java or node [closed]

I want to create an SSO to be used by multiple applications; what would be the best way to do it? I was going through SAML 2.0, but I am confused, as I didn't find any articles on creating my own/custom SAML IDP.

1. How feasible is it to create my own IDP?
2. What is the best way to implement SSO?

Magus answered 13/6, 2019 at 16:11 Comment(2)
There are multiple implementations available and ready to integrate into your own code. However, SO doesn't welcome questions that seek library/framework guidance. – Vesicle
Also, consider OpenID Connect rather than SAML 2. It's easier to implement. – Vesicle

Question 1: How feasible it is to create own IDP?

Yes, it is possible, but it requires a lot of effort.

This repository can help you figure out how to build your own IDP: A mock IDP and SP using the OpenSAML library

This repository can help you integrate your own IDP into a Spring Boot application: Spring Boot, SAML, and Okta

Question 2: What is the best way to implement SSO?

In my opinion, the best way to implement SSO is to use a pay-as-you-go identity service. It saves you effort and money. There are many such services from Amazon, Google, Apple, Okta, Auth0, geetoPod, etc.

Abstractionism answered 14/6, 2019 at 23:8 Comment(0)
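To make the "lots of effort" concrete, here is the core of what a SAML IdP has to get right, as an added example (not code from the original post, the OpenSAML mock repository, or Spring Boot): build a SAML 2.0 Assertion, sign it with an enveloped XML-DSig using only the JDK's javax.xml.crypto.dsig API (Java 11+, no third-party library), then validate it the way a careful SP must. The entity IDs, the user name and the freshly generated RSA key are assumptions made up for the demo; a real IdP would load its signing key from a keystore or HSM and the SP would pin the IdP's certificate from metadata instead of trusting anything inside the message.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.UUID;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Minimal SAML 2.0 IdP core: issue a signed Assertion, then validate it as an SP would.
// Added example; not from the original post or any named project. All names are made up.
public class MiniSamlIdp {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XMLNS = "http://www.w3.org/2000/xmlns/";

    // Assertion with Issuer, Subject/NameID and Conditions (validity window + audience).
    static Document buildAssertion(String issuer, String nameId, String audience, Instant now) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element a = doc.createElementNS(SAML, "saml:Assertion");
        a.setAttributeNS(XMLNS, "xmlns:saml", SAML);
        a.setAttribute("ID", "_" + UUID.randomUUID());   // xs:ID may not start with a digit
        a.setAttribute("Version", "2.0");
        a.setAttribute("IssueInstant", now.toString());
        doc.appendChild(a);
        a.appendChild(text(doc, "saml:Issuer", issuer));
        Element subject = doc.createElementNS(SAML, "saml:Subject");
        subject.appendChild(text(doc, "saml:NameID", nameId));
        a.appendChild(subject);
        Element cond = doc.createElementNS(SAML, "saml:Conditions");
        cond.setAttribute("NotBefore", now.minus(Duration.ofMinutes(1)).toString());    // small clock-skew allowance
        cond.setAttribute("NotOnOrAfter", now.plus(Duration.ofMinutes(5)).toString());  // short lifetime limits replay
        Element ar = doc.createElementNS(SAML, "saml:AudienceRestriction");
        ar.appendChild(text(doc, "saml:Audience", audience));
        cond.appendChild(ar);
        a.appendChild(cond);
        return doc;
    }

    static Element text(Document doc, String qname, String value) {
        Element e = doc.createElementNS(SAML, qname);
        e.setTextContent(value);
        return e;
    }

    // Enveloped XML-DSig over the whole Assertion, inserted right after Issuer as the SAML schema requires.
    static void sign(Document doc, KeyPair idpKey) throws Exception {
        Element a = doc.getDocumentElement();
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#" + a.getAttribute("ID"),
            f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        // Next sibling of Issuer is Subject, so the Signature lands between them. No KeyInfo is
        // emitted on purpose: the SP must verify with the key it already trusts from IdP metadata.
        DOMSignContext ctx = new DOMSignContext(idpKey.getPrivate(), a, a.getFirstChild().getNextSibling());
        ctx.setIdAttributeNS(a, null, "ID");
        f.newXMLSignature(si, null).sign(ctx);
    }

    // SP-side checks: exactly one Signature, its single Reference covers the Assertion itself (defends
    // against signature-wrapping tricks), the signature verifies under the pinned IdP key, and the
    // Conditions (time window, audience) hold for this SP right now.
    static boolean validate(Document doc, PublicKey pinnedIdpKey, String mySpEntityId, Instant now) throws Exception {
        Element a = doc.getDocumentElement();
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) return false;
        DOMValidateContext ctx = new DOMValidateContext(pinnedIdpKey, sigs.item(0));
        ctx.setIdAttributeNS(a, null, "ID");
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<Reference> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1 || !refs.get(0).getURI().equals("#" + a.getAttribute("ID"))) return false;
        if (!sig.validate(ctx)) return false;
        Element cond = (Element) a.getElementsByTagNameNS(SAML, "Conditions").item(0);
        Instant notBefore = Instant.parse(cond.getAttribute("NotBefore"));
        Instant notOnOrAfter = Instant.parse(cond.getAttribute("NotOnOrAfter"));
        if (now.isBefore(notBefore) || !now.isBefore(notOnOrAfter)) return false;
        String audience = a.getElementsByTagNameNS(SAML, "Audience").item(0).getTextContent();
        return mySpEntityId.equals(audience);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair idpKey = kpg.generateKeyPair();   // demo only; a real IdP loads this from a keystore/HSM
        Instant now = Instant.now();
        String sp = "https://sp.example.com/saml";   // made-up SP entity ID
        Document doc = buildAssertion("https://idp.example.org/idp", "alice", sp, now);
        sign(doc, idpKey);
        System.out.println("valid for intended SP:  " + validate(doc, idpKey.getPublic(), sp, now));
        System.out.println("valid for other SP:     " + validate(doc, idpKey.getPublic(), "https://other.example.net/saml", now));
        System.out.println("valid after expiry:     " + validate(doc, idpKey.getPublic(), sp, now.plus(Duration.ofHours(1))));
        doc.getElementsByTagNameNS(SAML, "NameID").item(0).setTextContent("admin");   // tamper with the subject
        System.out.println("valid after tampering:  " + validate(doc, idpKey.getPublic(), sp, now));
    }
}
```

Compile and run with a plain JDK (`javac MiniSamlIdp.java && java MiniSamlIdp`); only the first line should print `true`. What this leaves out is exactly the rest of the effort: wrapping the Assertion in a `samlp:Response` tied to the SP's `AuthnRequest` via `InResponseTo`, the HTTP-Redirect and HTTP-POST bindings, publishing and consuming metadata, the login UI and session management, key rotation, and logout. Those pieces, not the signature itself, are why the answers above steer toward Shibboleth, OpenSAML or a hosted identity service.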

Question 1: How feasible it is to create own IDP?

Answer:
The GitHub repository How to build and run Shibboleth SAML IdP and SP using Docker container provides instructions for building your own IDP for SAML in Java using Shibboleth SAML IdP and OpenLDAP.

  • Shibboleth SAML IdP is responsible for identity federation.

  • OpenLDAP is responsible for identity authentication.

Question 2: What is the best way to implement SSO?

Answer:
Shibboleth IdP implements SSO for enterprise applications that have been integrated with a SAML SP.

(I) I have validated SAML Single Sign-On (SSO) provided by a Docker-running Shibboleth SAML IdP (Identity Provider) and OpenLDAP for the following enterprise applications. In other words, I leveraged the Docker-running Shibboleth SAML IdP and OpenLDAP to log in to the following enterprise applications successfully.

  • Microsoft Office 365

  • Google G Suite

  • Salesforce

  • Dropbox

  • Box

  • Amazon AWS

  • OpenStack

  • Citrix NetScaler

  • VMware vCloud Director

  • Oracle NetSuite

(II) We developed the former version of our Zero-Password Authentication and Authorization System in Java and leveraged Shibboleth IdP to provide SAML SSO for enterprise applications.

We developed the current version of our Zero-Password Authentication and Authorization System, with scalability and high availability, in Scala to provide SAML SSO natively for enterprise applications without Shibboleth IdP.

For quick deployment of a SAML IdP in your production environment, leveraging a third-party SAML IdP (such as Shibboleth IdP) is highly recommended. Then you have sufficient time to develop your own SAML IdP in Java or another programming language.

(III) Another StackOverflow question "How to implement or integrate single sign on with SAML and Shibboleth" provides valuable information and discussions.

Kalb answered 14/6, 2019 at 14:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.