SSO implementation using Shibboleth with Google App Engine java

Question

I am developing an application on Google App Engine in java. In this application I have to implement SSO using SAML2. My google app engine application will act as service provider and identity provider will be a separate server. I have just to write the SP side of SSO. I am new to SAML and did much google on SAML and come to basic flow of user authentication in SSO. I found opensaml library that can be used to handle SAML messages between Idp and SP. I also found Shibboleth which is the implementation of opensaml library. I am very confuse on the decision of choosing opensaml or Shibboleth. can anyone suggest me on choosing opensaml or Shibboleth and if some one have found any tutorial on SP implementation of SSO in Google app engine he can also share it.

Answer 1

You can embed Spring SAML Extension (product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider.

You can see a working demo of such approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP.

Shibboleth doesn't provide a SAML SP component which can be embedded into applications. The Shibboleth SPs act as plugins to Apache or IIS web servers and cannot be used with Google App Engine.

You can also see the Spring SAML as an example of SAML 2.0 WebSSO implementation to follow in case you'd like to write it youself. Latest documentation is available in Spring repos, sources are at GitHub.