commit | 3f34a8ebb2d074b49c31c913480999db694fbf11 | [log] [tgz] |
---|---|---|
author | Cris Rockwell <cmrockwe@umich.edu> | Mon Apr 13 13:17:49 2020 -0400 |
committer | Cris Rockwell <cmrockwe@umich.edu> | Mon Apr 13 13:17:49 2020 -0400 |
tree | 2ad254af909263e810d8465dea7586b3d48e9b2a | |
parent | e5bfb0e8d1a10b9ed784464ad68b4c4622bacba6 [diff] |
Refactor project by removing the Internal (development) IDP. Deleted anything used only by the IDP code.
This project is intended to be a contribution to the Apache Sling project; it has a SAML2 Service Provider Authentication Handler and the associated SAML2 servlets and utilities.
It is a work in progress and not production ready!
Reference flow: [SP POST Request; IdP POST Response](https://en.wikipedia.org/wiki/SAML_2.0#SP_POST_Request;_IdP_POST_Response)
Packages:

- `idp`: a test fixture based on the OpenSAML V3 eBook. It is useful for minimizing setup when testing. Disable it for production.
- `sp`: the service provider classes.
- `utilities`: `Helpers`, static utilities for working with the OpenSAML library.

Create a directory for the keystores:

```shell
$ cd sling
$ mkdir keys
$ cd keys
```
While HTTPS on Jetty is technically not required, it serves two purposes here: it keeps the SAML response POSTed back to the service provider, and the session that follows it, off plaintext HTTP, and it confirms that the Java keystore is configured properly and readable by the sling system user.

```shell
$ keytool -genkeypair -keyalg RSA -validity 365 -alias samlStore -keystore samlKeystore.jks -keypass key_password -storepass storepassword -dname "CN=localhost, OU=LSA Technology Services, O=University of Michigan, L=Ann Arbor, S=MI, C=US"
```

Note: make a note of the JKS filename and path, the storepass, the keypass, and the certificate alias; the HTTPS configuration needs all of them. On JDK 9 and later keytool creates a PKCS12 store by default regardless of the `.jks` extension, and PKCS12 does not support a key password that differs from the store password (keytool ignores `-keypass` in that case); add `-storetype JKS` if a JKS file with separate passwords is wanted. `CN=localhost` is only suitable for local testing; for a real deployment the certificate name must match the host name the browser connects to.
Enable HTTPS in the Felix HTTP configuration (the values use the Felix `.config` typed syntax: `B` for Boolean, `I` for Integer):

```
org.apache.felix.https.enable=B"true"
org.osgi.service.http.port.secure=I"443"
org.apache.felix.https.keystore="./sling/keys/slingKeystore.jks"
org.apache.felix.https.keystore.key.password="key_password"
org.apache.felix.https.keystore.password="storepassword"
org.apache.felix.https.truststore.password="storepassword"
```

The keystore path is resolved relative to the Sling working directory and must point at the file actually generated with keytool (the file name here differs from the `samlKeystore.jks` created above; use one name consistently). Binding port 443 requires a privileged process on most systems, so a Sling instance running as an unprivileged user usually needs a port above 1024 or a front proxy. The passwords are stored in clear text, so the configuration file should be readable only by the sling system user.
Service provider keys, option 1: generate with keytool

```shell
$ keytool -genkey -alias samlKeys -keyalg RSA -keystore samlKeystore.jks
```

Service provider keys, option 2: import an existing PKCS12 into the JKS

```shell
$ keytool -importkeystore -srckeystore serviceProviderKeys.p12 -destkeystore theKeystore.jks -srcstoretype pkcs12 -srcalias spKeysAlias
```

(`keytool -importkeystore` names the entry to copy with `-srcalias`, not `-alias`; add `-destalias` to give it a different alias in the destination store.)

Import the IdP's signing certificate as a trusted entry, so the handler can verify the signatures on the IdP's responses:

```shell
$ keytool -import -file idp-signing.pem -keystore theKeystore.jks -alias IDPSigningAlias
```
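Before wiring the store into the Felix HTTPS configuration or the authentication handler, it is worth verifying that it opens with the store password, that the service provider's private key is readable with the key password and actually matches its certificate, and that the imported IdP signing certificate is a valid trusted entry. The following program is an added example of that check; it is not part of the project, uses only the JDK, and its class name, argument order and the expectation that the SP key is a private-key entry while the IdP certificate is a trusted-certificate entry are assumptions based on the keytool commands above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 * Hypothetical stand-alone check for the SAML keystore (not part of the project).
 * Usage: java SamlKeystoreCheck <keystore> <storepass> <spAlias> <keypass> <idpSigningAlias>
 */
public final class SamlKeystoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: SamlKeystoreCheck <keystore> <storepass> <spAlias> <keypass> <idpSigningAlias>");
            System.exit(2);
        }
        KeyStore ks = load(args[0], args[1].toCharArray());
        X509Certificate sp = checkSigningKey(ks, args[2], args[3].toCharArray());
        X509Certificate idp = checkIdpSigningCert(ks, args[4]);
        System.out.println("SP  entry '" + args[2] + "': " + sp.getSubjectX500Principal() + ", expires " + sp.getNotAfter());
        System.out.println("IdP entry '" + args[4] + "': " + idp.getSubjectX500Principal() + ", expires " + idp.getNotAfter());
    }

    /**
     * Open the store with the store password. JDK 9+ writes PKCS12 by default even for a
     * ".jks" file name, so try PKCS12 first and fall back to JKS. A wrong store password also
     * surfaces as an IOException, so the last failure is rethrown when neither type loads.
     */
    static KeyStore load(String path, char[] storePass) throws Exception {
        IOException last = null;
        for (String type : new String[] {"PKCS12", "JKS"}) {
            KeyStore ks = KeyStore.getInstance(type);
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, storePass);
                return ks;
            } catch (IOException e) {
                last = e;
            }
        }
        throw last;
    }

    /**
     * The SP entry must be a private-key entry readable with the key password, its certificate
     * must be within its validity period, and the key must actually match the certificate.
     */
    static X509Certificate checkSigningKey(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private-key entry under alias '" + alias + "'");
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass); // wrong keypass -> UnrecoverableKeyException
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(new Date()); // expired or not yet valid -> CertificateException

        // Sign a constructed message with the private key and verify it with the certificate's
        // public key: proves the two halves of the entry belong together before the handler
        // relies on them.
        byte[] msg = "constructed keystore self-test".getBytes(StandardCharsets.UTF_8);
        String sigAlg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(key);
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(msg);
        if (!verifier.verify(sig)) {
            throw new IllegalStateException("private key under '" + alias + "' does not match its certificate");
        }
        return cert;
    }

    /**
     * The IdP entry is a trusted-certificate entry (no private key). It must be valid and, if it
     * carries a KeyUsage extension, permit digitalSignature (bit 0), since it is used only to
     * verify the IdP's signatures on SAML responses and assertions.
     */
    static X509Certificate checkIdpSigningCert(KeyStore ks, String alias) throws Exception {
        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("no trusted-certificate entry under alias '" + alias + "'");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(new Date());
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage != null && !keyUsage[0]) {
            throw new IllegalStateException("IdP certificate '" + alias + "' does not permit digitalSignature");
        }
        return cert;
    }
}
```

Compile and run it as the sling system user, passing the keystore path, store password, SP alias, key password and IdP alias used in the commands above. Running as that user also proves the file permissions are right, which is the second purpose the HTTPS setup serves; a failure at any step names the misconfigured item (wrong password, missing alias, expired certificate, mismatched key) before Sling or the handler tries to use the store.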