
  • Integrate with multiple ADFSs

    Is it possible to integrate with multiple IDP (ADFS) systems, instead of letting one ADFS relay to others? How do I configure it?

    In looking at chapter 6, the XML definition for ExtendedMetadataDelegate would be something like below?

    <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <list>
                <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                    <constructor-arg>
                        <value type="java.io.File">classpath:security/FederationMetadata1.xml</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>

                <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                    <constructor-arg>
                        <value type="java.io.File">classpath:security/FederationMetadata2.xml</value>
                    </constructor-arg>
                    <property name="parserPool" ref="parserPool"/>
                </bean>
            </list>
        </constructor-arg>
    ..... <the rest is the same>

  • #2
    Hi,

    It's indeed possible to configure multiple IDPs, including multiple ADFSs. First of all, you need to include metadata documents for each of the ADFS instances, just like you mention. During initialization of the SSO process it is then necessary to specify which IDP to authenticate with. The process for this is called IDP discovery and the sample application includes an example in its default settings.

    The configuration of the CachingMetadataManager bean could for example look something like this:

    Code:
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                <constructor-arg>
                    <value type="java.io.File">classpath:security/ADFS1.xml</value>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            </bean>
        </constructor-arg>
    </bean>
    <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
        <constructor-arg>
            <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                <constructor-arg>
                    <value type="java.io.File">classpath:security/ADFS2.xml</value>
                </constructor-arg>
                <property name="parserPool" ref="parserPool"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
            </bean>
        </constructor-arg>
    </bean>
    Cheers, Vladi
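
The pieces from the answer above put together, as an added example that is not part of the thread and not the project's own configuration: both delegates placed in the CachingMetadataManager list, with IDP discovery enabled for the local service provider. The bean ids, the JSP path and the discovery-related property names follow the Spring Security SAML 1.0 sample application and are assumptions here; check them against the version in use.

```xml
<!-- Added example; bean ids and the JSP path are assumptions (sample-app conventions). -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <!-- One delegate per ADFS instance, each wrapping its own metadata file -->
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg><value type="java.io.File">classpath:security/ADFS1.xml</value></constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                </constructor-arg>
            </bean>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider">
                        <constructor-arg><value type="java.io.File">classpath:security/ADFS2.xml</value></constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                </constructor-arg>
            </bean>
        </list>
    </constructor-arg>
</bean>

<!-- Local SP metadata: with idpDiscoveryEnabled the entry point asks which IDP to use -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="extendedMetadata">
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    <property name="idpDiscoveryEnabled" value="true"/>
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>

<!-- Discovery endpoint (assumed mapped at /saml/discovery/** in the SAML filter chain);
     renders the page where the user picks one of the loaded IDPs -->
<bean id="samlIDPDiscovery" class="org.springframework.security.saml.SAMLDiscovery">
    <property name="idpSelectionPath" value="/WEB-INF/security/idpSelection.jsp"/>
</bean>
```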



    • #3
      Thanks for your prompt reply. I appreciate it.
