Typical SSO with SAML is something called Web SSO Profile. There are many products supporting this on the market for example OpenAM, Shibboleth, OpenSAML and Oracle Identity Federation. The specific configuration is dependant on what product you choose to use. A working example of OpenSAML that I use in my book is availible here.
On a SAML level, the SP and IDP exchanges Metadata which contain configuration information on how the SP and IDP want to communicate.
SSO is then done in four steps:
- SP sees that the user does not have an authenticated session.
- The SP redirects the user to IDP with a SAML AutnRequest as an URL parameter.
- The IDP authenticates the user and redirects it back to the SP with an artifact in URL parameter.
- The SP exchanges the Artifact for an Assertion over SOAP using a ArtifactResolveRequest to the IDP.
If you want to code this yourself in Java, you can use OpenSAML. On my blog I have many examples on how to use it.
In my book, A Guide To OpenSAML, I write alot about this
EDIT New edition of the book is out, covering OpenSAML v3
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…