|
<b:bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<b:constructor-arg value="WEB-INF/samlKeystore.keystore"/> <b:constructor-arg type="java.lang.String" value="password"/> <b:constructor-arg> <b:map> <b:entry key="<key-alias>" value="<password>"/> </b:map> </b:constructor-arg> <b:constructor-arg type="java.lang.String" value="<key-alias>"/> </b:bean> |
|
Bean property
|
Description
|
|
WEB-INF/samlKeystore.keystore
|
Specify the keystore file that stores the keys for user authentication. This can be a self-signed or a Certificate Authority (CA) generated keystore.
|
|
key-alias
|
Specify the key alias, that is, a unique keystore name that you set during keystore generation.
|
|
password
|
Specify the keystore password required to authenticate the REST Web application.
|
|
<b:bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
<b:constructor-arg> <b:list> <!-- IDP Metadata file --> <b:bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> <b:constructor-arg> <b:bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> <b:constructor-arg> <b:value type="java.io.File"><IdP metadata file name></b:value> </b:constructor-arg> <b:property name="parserPool" ref="parserPool"/> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> <b:property name="local" value="false"/> <b:property name="alias" value="default"/> <b:property name="securityProfile" value="metaiop"/> <b:property name="requireArtifactResolveSigned" value="false"/> <b:property name="requireLogoutRequestSigned" value="false"/> <b:property name="requireLogoutResponseSigned" value="false"/> <b:property name="idpDiscoveryEnabled" value="false"/> <b:property name="ecpEnabled" value="true"/> </b:bean> </b:constructor-arg> </b:bean> <!-- SP Metadata file --> <b:bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate"> <b:constructor-arg> <b:bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider"> <b:constructor-arg> <b:value type="java.io.File"><Service provider metadata file name></b:value> </b:constructor-arg> <b:property name="parserPool" ref="parserPool"/> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="org.springframework.security.saml.metadata.ExtendedMetadata"> <b:property name="local" value="true"/> <b:property name="alias" value="default"/> <b:property name="securityProfile" value="metaiop"/> <b:property name="requireArtifactResolveSigned" value="false"/> <b:property name="requireLogoutRequestSigned" value="false"/> <b:property name="requireLogoutResponseSigned" value="false"/> <b:property name="idpDiscoveryEnabled" value="false"/> <b:property name="ecpEnabled" value="true"/> </b:bean> </b:constructor-arg> </b:bean> </b:list> </b:constructor-arg> </b:bean> |
|
Bean property
|
Description
|
|
IDP metadata file name
|
Specify the location of the IdP metadata file.
|
|
Service provider metadata file name
|
Specify the location of the REST Web application (Service provider) metadata file.
|
|
<!-- Processing filter for WebSSO profile messages -->
<b:bean id="samlProcessingFilter" class="com.progress.rest.security.OESamlProcessingFilter"> <b:property name="samlEntryPointHandler" ref="initializeSAMLEntryPoint"/> <b:property name="authenticationManager" ref="RestApplicationtAuth"/> <b:property name="authenticationSuccessHandler" ref="successRedirectHandler"/> <b:property name="defaultFilterProcessesUrl" value="<Entity ID>"/> <b:property name="defaultIdpProcessingUrl" value="<IdP URL>"/> </b:bean> |
|
Bean property
|
Description
|
|
defaultFilterProcessesUrl
|
Specify, as a value, the URL where the processing filter for WebSSO must be applied.
|
|
defaultIdpProcessingUrl
|
Specify, as a value, your IdP's URL. For instance, if you use the Progress IdP, you specify the value as https://secure-test.progress.com.
|