Spring is a long-time friend to enterprise companies throughout the world. When Spring Boot came along in 2014, it greatly simplified configuring a Spring application. This led to widespread adoption and continued investment in related Spring projects.
One of my favorite Spring projects is Spring Security. In most cases, it simplifies web security to just a few lines of code. HTTP Basic, JDBC, JWT, OpenID Connect/OAuth 2.0, you name it—Spring Security does it!
You might notice I didn’t mention SAML as an authentication type. That’s because I don’t recommend it. The specification for SAML 2.0 was published in March 2005, before smartphones or smart devices even existed. OpenID Connect (OIDC) is much easier for developers to use and understand. Using SAML in 2022 is like implementing a web service using WS-* instead of REST.
My recommendation: just use OIDC.
If you must use SAML with Spring Boot, this tutorial should make it quick and easy.
Thanks for the video explanation. I learnt a lot from this.
Actually, I have a requirement wherein I have to pass the SAML response as a token in the x-boa-security-header in string format while calling the next service. How can we do it? Is there any reference I can see?
What I want to achieve is: from the REST API → call the SAML endpoint for getting the token → and then call the next service by passing this string token as a header.
Very informative post! I have a quick question around downloading the SP metadata file. How can I download the SP metadata file for this sample application?