I'm investigating the feasibility of SP-initiated SSO in the context of our solution whereby a 3rd party product would like to launch our product so that the user does not need to authenticate again.
The jist of the workflow is:
Unfortunately, our product cannot currently send SAML requests to an IdP (i.e. we cannot do step 2).
Are there any 3rd party products out there that could "act" as an SP (listen for requests from 3rd party and send a SAML request to the IdP) on behalf our the real SP, in effect, perform Step 2 for us?
答案 0 :(得分:1)
您可以使用一些Java库。有关您的类似问题,请参阅here。除了那里提供的有用答案之外,您还可以看一下OneLogin中的another well-maintained open source Java library。它维护得很好,来自该领域的主要竞争对手。