How to implement Single Sign On using Spring and Active Directory

Lawrence Tierney · Jul 31, 2013 · Viewed 10.6k times · Source

I have a Spring based Web App which I would like to implement a Single Sign On solution on.

The basic flow would be:

1) User logs in into Windows Workstation/Desktop PC (authenticating against organisation's Active Directory)

2) User opens browser and navigates to Spring Web App.

3) Spring Web App somehow confirms that the user is already authenticated against AD and seamlessly lets them in, i.e. no challenge for username and password. In fact, the Spring web app would NEVER show a login form.

Obviously it's step 3 I am having trouble with.

I have looked at Spring Security, Kerberos, SPNEGO but I think I've just confused myself.

If it makes a difference I am using Java 6, running on Jetty with Spring 3. The Jetty instance will be running on a *Nix machine.

Answer

ManojP · Apr 2, 2015

I have implemented the same thing for my client. We are using spring-saml in our Spring-based web application (acts as Service Provider) and ADFS as Identity Provider (IDP).

You can take help from this link for configuration part. I will help you out if you face any problem related to implementation or setup issue.

Basically your web-app will act as SP and ADFS will be treated as IDP. You need to exchange both metadata files, which are nothing but a certificate for communication.
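As an added example that is not part of the question, the answer, or the spring-saml project, the Python script below shows what the metadata exchange in this answer actually carries. An IdP metadata document holds more than a certificate: it states the IdP's entityID, its SingleSignOnService endpoints and bindings, and the signing certificate the SP must trust when it validates assertion signatures. The script parses a constructed, trimmed IdP metadata document in the shape ADFS exports (the hostnames and entityIDs are assumptions and the certificate body is a labelled placeholder, not a real X.509 certificate), flags the conditions an SP operator should reject it for, and emits the SP metadata document the IdP administrator would import on the other side. None of the function names are spring-saml API; the library's own configuration does this work for you, and the point here is to make visible what that configuration is trusting.

```python
"""Added example: inspect IdP metadata and emit SP metadata (SAML 2.0).

All values are constructed for illustration: hosts, entityIDs and the
certificate body are placeholders, not values from the page.
"""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAML_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", NS["md"])

# Constructed placeholder standing in for the base64 DER certificate an IdP
# publishes; a real export carries the IdP's token-signing certificate here.
PLACEHOLDER_CERT = base64.b64encode(
    b"constructed placeholder, not a real X.509 certificate").decode()

# Constructed, trimmed IdP metadata in the shape ADFS exports (assumed host).
IDP_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML_PROTOCOL}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://adfs.example.test/adfs/ls/"/>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO endpoints and signing certificates from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join((c.text or "").split())))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def check_idp_metadata(info, expected_entity_id):
    """Return the problems an SP operator should reject this metadata for."""
    problems = []
    if info["entity_id"] != expected_entity_id:
        problems.append(f"entityID {info['entity_id']!r} != expected {expected_entity_id!r}")
    if not info["signing_certs"]:
        problems.append("no signing certificate: assertion signatures cannot be verified")
    if not any(b in info["sso"] for b in (HTTP_REDIRECT, HTTP_POST)):
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    for binding, location in info["sso"].items():
        if urlparse(location).scheme != "https":
            problems.append(f"SSO endpoint for {binding} is not https: {location}")
    return problems


def build_sp_metadata(entity_id, acs_url):
    """Produce the SP metadata document the IdP administrator imports."""
    def md(tag):
        return f"{{{NS['md']}}}{tag}"
    root = ET.Element(md("EntityDescriptor"), entityID=entity_id)
    sp = ET.SubElement(root, md("SPSSODescriptor"),
                       AuthnRequestsSigned="true", WantAssertionsSigned="true",
                       protocolSupportEnumeration=SAML_PROTOCOL)
    ET.SubElement(sp, md("AssertionConsumerService"), Binding=HTTP_POST,
                  Location=acs_url, index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


def sp_acs_location(sp_xml):
    """Read back the ACS URL from SP metadata (sanity check on the output)."""
    acs = ET.fromstring(sp_xml).find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return None if acs is None else acs.get("Location")


if __name__ == "__main__":
    info = parse_idp_metadata(IDP_METADATA)
    print("IdP problems:", check_idp_metadata(info, "http://adfs.example.test/adfs/services/trust"))
    print(build_sp_metadata("https://app.example.test/saml/metadata",
                            "https://app.example.test/saml/SSO"))
```

The check function encodes the three things worth pinning when you import IdP metadata into the SP: the entityID must be the one you expect (the SP will accept assertions issued under it), at least one signing certificate must be present (otherwise signature validation has nothing to validate against), and the SSO endpoints must be https so the browser redirect carrying the SAMLRequest is not sent in the clear. The SP metadata it emits declares WantAssertionsSigned and AuthnRequestsSigned, which is the posture you want the IdP administrator to see when they import it.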