Dec 11th, 2012, 06:04 PM
VMWare Horizon and Spring Security SAML app
Hi team, has anybody successfully integrated this application with VMWare Horizon?
I am trying to set it up but keep getting an error in Horizon when adding metadata from spring-security-saml2-sample
"Requested action 'getSPAttrs' failed."
Any ideas or experience?
Dec 13th, 2012, 10:26 AM
How to make your Spring application accept SAML using Spring Security
I also found the SAML sample hard to get working, so in the end, I created my own SAML spring security solution. Take a look at the following post on the VMware forums.
Originally Posted by Vladimir.Fedorov
Dec 30th, 2012, 05:10 AM
Integrating Horizon has been tested and is very easy to do; below are detailed steps and some screenshots. The tested version is the trunk version of the SAML extension from 28.12.2012 and Horizon 126.96.36.1995307.
Initialize IDP metadata
- Open Horizon as an organization admin, go to Settings -> SAML Certificate and copy link for "Identity Provider (IdP) metadata" (e.g. http://test.rm5.local:8080/SAAS/API/...tadata/idp.xml) (01.jpg)
- Download SAML extension, open saml2-sample/src/main/resources/security/securityContext.xml, find bean "metadata" and replace value "http://idp.ssocircle.com/idp-meta.xml" with the URL stored in the previous step
- Compile the module with "mvn package" and deploy the saml2-sample/target/spring-security-saml2-sample.war, make sure application is available at e.g. "http://localhost:8080/spring-security-saml2-sample/"
Initialize SP metadata
- Back in Horizon, select Applications - Add Application, and make sure to check "Sign the assertion". In the auto-discovery URL, enter e.g. "http://localhost:8080/spring-security-saml2-sample/saml/metadata/alias/defaultAlias" (the system will show the warning "No attributes were found" when clicking populate attributes, but the warning can be safely ignored as metadata is not required to include any attributes). You can define your own attributes and store them with Save. (02.jpg)
- Provide the new application to your users e.g. by clicking add on group entitlements and selecting "all users" with automatic deployment. (03.jpg)
- Log out from Horizon
- For IDP-initialized SSO, log back in to Horizon with your basic user and select the newly created application
- For SP-initialized SSO, open the SAML extension, select the Horizon server from the list of IDPs and click login
Hope this helps,
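An added example, not part of the original posts and not code from the SAML extension or Horizon: a small Python check that reads a SAML 2.0 metadata document (the SP metadata served at the auto-discovery URL above, or the IdP metadata) and reports the role, endpoints, whether signed assertions are requested, the number of requested attributes (zero is still valid metadata) and any endpoints served over plain http. The sample document, its `/saml/SSO` endpoint path and the name `summarize_metadata` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample SP metadata (not output captured from the sample application).
SAMPLE_SP = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8080/spring-security-saml2-sample/saml/metadata/alias/defaultAlias">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:8080/spring-security-saml2-sample/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_metadata(xml_bytes):
    """Return the metadata fields that matter when pairing an SP with an IdP."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata never needs a DTD
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = sp if sp is not None else idp
    if role is None:
        raise ValueError("no SP or IdP role descriptor found")
    tag = "md:AssertionConsumerService" if sp is not None else "md:SingleSignOnService"
    endpoints = [e.get("Location") for e in role.findall(tag, NS)]
    keys = role.findall("md:KeyDescriptor", NS)
    return {
        "entity_id": root.get("entityID"),
        "role": "SP" if sp is not None else "IdP",
        "endpoints": endpoints,
        "want_assertions_signed": role.get("WantAssertionsSigned") in ("true", "1"),
        # A KeyDescriptor without a "use" attribute applies to signing as well.
        "signing_certs": sum(1 for k in keys if k.get("use") in (None, "signing")
                             and k.find(".//ds:X509Certificate", NS) is not None),
        "requested_attributes": len(role.findall(".//md:RequestedAttribute", NS)),
        "cleartext_endpoints": [u for u in endpoints if u and u.startswith("http://")],
    }


if __name__ == "__main__":
    for key, value in summarize_metadata(SAMPLE_SP).items():
        print(f"{key}: {value}")
```

To check real metadata, save the document from the metadata URL to a file and pass its bytes to `summarize_metadata`.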
Feb 12th, 2013, 02:37 PM
Thanks a lot Vladimir, all worked like a charm!