Add SAML authentication to spring-boot app with WSO2 IS.

Piraveena Paralogarajah
4 min read · May 8, 2020

This blog shows how you can add SAML authentication to a Spring Boot application with WSO2 Identity Server in a few minutes.

The sample application uses Spring Boot and the spring-security-saml2-service-provider module, which is new in Spring Security 5.2 [1]. It shows how to integrate your Spring Boot SAML application with WSO2 Identity Server.

If you have spring-security-saml2-service-provider on your classpath, you can take advantage of some auto-configuration to make it easy to set up a SAML 2.0 Relying Party. This configuration makes use of the properties under Saml2RelyingPartyProperties.

This blog contains the content under the following topics.

1. Register a SAML service provider

2. Create a Spring-boot-project

3. Integrate with WSO2 Identity Server

4. Try it out!

Register a SAML service provider

  • The first step is to configure the spring-boot-app as a service provider in WSO2 Identity Server. The following steps instruct you on how to do this.
  1. Start the Identity Server and access the management console using https://localhost:9443/carbon/
  2. Log in to the Identity Server using the default administrator credentials (the username and password are both “admin”).
  3. In the management console found on the left of your screen, navigate to the Main menu and click Add under Service Provider.
  4. Expand the Inbound Authentication Configuration section, then expand SAML2 Web SSO Configuration and register the service provider with the following values.

Service Provider: sampleapp
Issuer: http://localhost:8080/saml2/service-provider-metadata/wso2
Description: This is a spring-boot application secured with SAML using WSO2IS
Assertion Consumer URL: http://localhost:8080/login/saml2/sso/wso2

Create a Spring-boot-project

  • Go to https://start.spring.io/ and create a Spring Boot project.
  • Click on the ADD DEPENDENCIES button.
  • Add the following dependencies.

Spring Boot DevTools (Developer Tools)

Spring Web (Web)

Spring Security (Security)

Thymeleaf

  • Click on the Generate button to create your Spring Boot project.

Integrate with WSO2 Identity server

  • Add the spring-security SAML2 dependency to the pom.xml.

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-saml2-service-provider</artifactId>
</dependency>

  • Add the configurations (the properties under Saml2RelyingPartyProperties) to the application.properties file found under the src/main/resources/ folder.
  • Add a ConfigSecurity.java class extending the WebSecurityConfigurerAdapter class and add the functionality to handle login.
  • This class will take care of the login request when the user is redirected to the http://localhost:8080/login page.
  • Then we need to handle the response sent by the IdP. After successful authentication, the user is redirected to http://localhost:8080, so we need to add a mapping for this redirection.
  • Create an index.html page inside the resources/templates/ folder. From the Landing controller class, return the index.html page. The Thymeleaf dependency will take care of mapping the HTML page.
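A minimal version of the two classes the steps above describe, written here as an added example rather than the author's own code (the post does not list them). It assumes the registration id wso2, which is inferred from the metadata and Assertion Consumer URLs registered earlier; the Spring Boot 2.2/2.3 property names under Saml2RelyingPartyProperties (later Boot versions rename sso-url); the package name com.example.samlapp; and the WSO2 IS defaults https://localhost:9443/samlsso for the SSO endpoint and localhost as the resident IdP entity id. The certificate and key file names are placeholders.

```java
package com.example.samlapp; // assumed package name

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

/*
 * Expected src/main/resources/application.properties (values are assumptions
 * for a local WSO2 IS; the registration id "wso2" must match the last path
 * segment of the Assertion Consumer URL registered in WSO2 IS):
 *
 * spring.security.saml2.relyingparty.registration.wso2.identityprovider.entity-id=localhost
 * spring.security.saml2.relyingparty.registration.wso2.identityprovider.sso-url=https://localhost:9443/samlsso
 * spring.security.saml2.relyingparty.registration.wso2.identityprovider.verification.credentials[0].certificate-location=classpath:wso2-idp.crt
 * spring.security.saml2.relyingparty.registration.wso2.signing.credentials[0].private-key-location=classpath:sp-key.pem
 * spring.security.saml2.relyingparty.registration.wso2.signing.credentials[0].certificate-location=classpath:sp-cert.pem
 */

@Configuration
@EnableWebSecurity
public class ConfigSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request needs an authenticated user; an unauthenticated
            // request to "/" is sent to /login, which starts the SAML2 flow.
            .authorizeRequests(authorize -> authorize.anyRequest().authenticated())
            // Enables the relying party: /saml2/authenticate/{registrationId}
            // sends the AuthnRequest, /login/saml2/sso/{registrationId} receives
            // the SAML Response (the Assertion Consumer URL) and validates the
            // signature against the verification certificate configured above.
            .saml2Login();
    }
}

// The landing controller; in a real project this goes in its own file.
@Controller
class LandingController {

    // Handles the redirect back to http://localhost:8080 after a successful login.
    @GetMapping("/")
    public String index(Saml2Authentication authentication, Model model) {
        // Subject NameID taken from the validated assertion.
        model.addAttribute("username", authentication.getName());
        // Raw SAML Response XML as received from WSO2 IS.
        model.addAttribute("samlResponse", authentication.getSaml2Response());
        // Resolved by Thymeleaf to src/main/resources/templates/index.html.
        return "index";
    }
}
```

The index.html template reads the two model attributes with th:text="${username}" and th:text="${samlResponse}". The verification certificate must be the one WSO2 IS signs responses with (the resident IdP certificate exported from its keystore), otherwise every response is rejected at the Assertion Consumer URL. The plain-HTTP localhost URLs are fine for this try-out only: outside a local setup the Assertion Consumer URL and the SSO endpoint both need HTTPS, because the SAML response carried on them is what grants the session.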

Try it out

  1. Run the spring-boot-application.
  2. Go to the http://localhost:8080 url.
  3. You will be redirected to WSO2 Identity Server’s login page. Enter the credentials there.
  4. You will be prompted with the consent page.
  5. Once you approve the consent, you will be redirected back to the http://localhost:8080 page. In the HTML page, I have printed the username and the SAML response.

References

[1] https://github.com/spring-projects/spring-security/tree/master/samples/boot/saml2login

[2] https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/api/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#saml2Login--

Piraveena Paralogarajah

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2