Spring-Security-Samples/servlet/spring-boot/java/saml2/refreshable-metadata/README.adoc

= SAML 2.0 Refreshable Metadata

This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.
It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.

The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
module which is new in Spring Security 5.2.

The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6.

== Goals

=== SAML 2.0 Login

`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

The following features are implemented in the MVP:

1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security
2. Send a SAML 2.0 AuthNRequest to an Identity Provider
3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration
4. Work against the Okta SAML 2.0 IDP reference implementation

=== SAML 2.0 Single Logout

`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.

On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.

You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout.

=== Refreshable Asserting Party Metadata

The application uses a custom implementation of `RelyingPartyRegistrationRepository` to achieve Asserting Party Metadata refresh feature.
This particular implementation uses a `@Scheduled` annotation to update its metadata every 30 minutes.

== Run the Sample

=== Start up the Sample Boot Application
```
 ./gradlew :spring-security-samples-boot-saml2login:bootRun
```

=== Open a Browser

http://localhost:8080/

You will be redirect to the Okta SAML 2.0 IDP

=== Type in your credentials

```
User: testuser@spring.security.saml
Password: 12345678
```
Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`= SAML 2.0 Refreshable Metadata`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`This guide provides instructions on setting up this SAML 2.0 Login & Logout sample application.`
			`It uses https://simplesamlphp.org/[SimpleSAMLphp] as its asserting party.`

			The sample application uses Spring Boot and the `spring-security-saml2-service-provider`
			`module which is new in Spring Security 5.2.`

Fix broken links Issue gh-53 2021-12-10 14:13:06 -03:00			`The https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[SAML 2.0 Logout feature] is new in Spring Security 5.6.`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`== Goals`

			`=== SAML 2.0 Login`

Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`saml2Login()` provides a very simple implementation of a Service Provider that can receive a SAML 2.0 Response via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`The following features are implemented in the MVP:`

			`1. Receive and validate a SAML 2.0 Response containing an assertion, and create a corresponding authentication in Spring Security`
			`2. Send a SAML 2.0 AuthNRequest to an Identity Provider`
			`3. Provide a framework for components used in SAML 2.0 authentication that can be swapped by configuration`
Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`4. Work against the Okta SAML 2.0 IDP reference implementation`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`=== SAML 2.0 Single Logout`

Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`saml2Logout()` supports RP- and AP-initiated SAML 2.0 Single Logout via the HTTP-POST and HTTP-REDIRECT bindings against the https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/[Okta SAML 2.0 IDP] reference implementation.
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`On this sample, the SAML 2.0 Logout is using the HTTP-POST binding.`

Fix broken links Issue gh-53 2021-12-10 14:13:06 -03:00			`You can refer to the https://docs.spring.io/spring-security/reference/servlet/saml2/logout.html[reference documentation] for more details about the RP- and AP-initiated SAML 2.0 Logout.`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`=== Refreshable Asserting Party Metadata`

			The application uses a custom implementation of `RelyingPartyRegistrationRepository` to achieve Asserting Party Metadata refresh feature.
			This particular implementation uses a `@Scheduled` annotation to update its metadata every 30 minutes.

			`== Run the Sample`

			`=== Start up the Sample Boot Application`
			```
Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`./gradlew :spring-security-samples-boot-saml2login:bootRun`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00			```

			`=== Open a Browser`

			`http://localhost:8080/`

Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`You will be redirect to the Okta SAML 2.0 IDP`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00
			`=== Type in your credentials`

			```
Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00			`User: testuser@spring.security.saml`
			`Password: 12345678`
Add SAML 2.0 Metadata Refresh Sample Closes gh-2 2021-10-28 13:51:25 -03:00			```

Update README for SAML 2.0 samples 2022-03-28 11:00:25 -03:00