I wanted to implement SSO using Mujina IDP. #84

Open
jegancts opened this issue Apr 7, 2022 · 9 comments

jegancts commented Apr 7, 2022

My application is an Angular front end currently running with basic authorisation using a user ID and password login screen. I wanted to remove this basic login screen functionality and need to add Mujina IDP as the login form and authorise.

Do we have any Angular front end repo which uses Mujina IDP?

Also, my backend service uses Spring Boot, where I need to implement the SSO in my back end Spring Boot as well.

Do we have any Spring Boot repo which uses Mujina IDP?

Your help would be much appreciated. I spent long hours surfing about Mujina but not seeing much help. It would be great if someone implemented Mujina .....

Member

thijskh commented Apr 7, 2022

Hi. Mujina is a mock IdP, i.e. not a real IdP product but meant for testing.

Also, if you have an application that you want to replace the login screen of, I think you are looking for an SP solution rather than an IdP.

Maybe something like Shibboleth-SP is what you need.

Author

jegancts commented Apr 7, 2022

Thanks thijskh for the quick response. Yes, I need a mock IDP with SSO using Mujina for testing purposes, not a real IDP, because I am going to use Azure AD as the real IDP. My application is Angular (front end), Spring Boot (backend).

Can I get any repo (SP) which interacts with Mujina IDP for SSO, similar to the Mujina SP? This would be a great help for me.

Member

thijskh commented Apr 7, 2022

If you want to use a real IdP later you need some kind of real SP implementation in your application. Not a mock SP. So I'd advise to look into Shibboleth-SP.

Author

jegancts commented Apr 7, 2022

Thanks thijskh... however, I am more interested in the Mujina mock IDP being implemented in my repository. Is there any repo available that implemented Mujina IDP? That would be more helpful and much appreciated!

Author

jegancts commented Apr 7, 2022

Do we have any documentation to configure an external SP to Mujina IDP?
https://stackoverflow.com/questions/40581068/how-to-add-an-external-sp-service-provider-in-mujina-idp-identity-provider

@jegancts
Author

Hi, any help would be much appreciated ...

Member

thijskh commented Apr 11, 2022

There's no need to configure SP metadata in Mujina IdP: because it's a mock IdP, it will accept authentication requests from any SP that sends one to it. I have answered that on the Stack Overflow question you linked to.

@Githubbili

@jegancts Hi, jegancts. Have you achieved SSO login? I ran into some questions during the implementation, and I want to ask you for advice.
My SSO config:
```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:8080" validUntil="2072-11-15T11:35:17.912Z">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>OH/ZL7JKfSEgp8nCX7urthWVvHY9cybEXls08INEWJk=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>uV6ZTQCcHE+CE2ZHEjH5QQ7eyVLSDgoluWnEIyNnL4Rit9AZip9k2ZAAJfkvAaACSwAOVQJN4Aiy8RB8F9rGGKAXTKC4Lc8Aa2eJs1EZgWWPVl3wSO17Ba3VYN4gT9L4Dk1fA/Pf4YRHlfzSE2lVU2RXAtE8PkcKqiUfcx8pC/BOJSorBMpoy+RL6mKA7NxjBjBvGSb39J7T1H0lJEyyQVDJgCYPS1J+9lp92WRohIE1C3ftH/SN7drNxdlI+5w5o43sm/hGJFMFApcEJzwk+HQbdq79z/Vh4ml5t1qBrDKKNsbYcZ6uZ7Jzl9BIKGrYf94GfWGdhJjmQQaG2LKB3g==</ds:SignatureValue>
  </ds:Signature>
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>xxx</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/SingleSignOnService/Logout"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/SingleSignOnService/Logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/SingleSignOnService"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/SingleSignOnService"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
```

But I have a question, can you help me?
[Screenshot: Snipaste_2022-11-15_20-22-10]

@thijskh
Copy link
Member

thijskh commented Nov 16, 2022

The exception says you do not have a SAML message (SAMLRequest) when calling the IdP. So probably your SP does not send a correct SAML message. This is not really a bug in Mujina but a generic SAML configuration question.
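
A diagnostic for the condition described in the reply above, as an added example (not Mujina's code and not code from anyone in this thread): it reads the HTTP-Redirect `SingleSignOnService` location from a trimmed copy of the metadata posted earlier, builds the unsigned `SAMLRequest` an SP would send there, and checks whether a given URL carries a decodable AuthnRequest. The SP entity ID, ACS URL and request ID used with it are hypothetical placeholders, and all function names are introduced here.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: trimmed-down copy of the IdP metadata posted in the thread.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://localhost:8080">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/SingleSignOnService"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/SingleSignOnService"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def sso_location(metadata_xml, binding=REDIRECT):
    """Return the IdP SSO endpoint advertised for the given binding."""
    root = ET.fromstring(metadata_xml)
    for svc in root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService", NS):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    raise ValueError("no SingleSignOnService for " + binding)

def build_redirect_url(sso_url, sp_entity_id, acs_url, request_id, issue_instant):
    """Build the unsigned HTTP-Redirect request URL (hypothetical SP values)."""
    authn = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
             f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{request_id}" Version="2.0" '
             f'IssueInstant="{issue_instant}" Destination="{sso_url}" '
             f'AssertionConsumerServiceURL="{acs_url}">'
             f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64, then URL-encode.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(authn.encode()) + comp.flush()
    return sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def diagnose(url):
    """Say whether a URL sent to the IdP carries a decodable AuthnRequest."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        return "missing SAMLRequest parameter"
    try:
        xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
        root = ET.fromstring(xml)
    except Exception as exc:  # bad base64, bad DEFLATE stream, or malformed XML
        return f"undecodable SAMLRequest: {type(exc).__name__}"
    if root.tag != "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest":
        return "not an AuthnRequest"
    return "ok: AuthnRequest " + root.get("ID")
```

Running `diagnose` on the URL the browser is actually redirected to separates a missing parameter from an encoding mistake in the SP.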
