Security Assertion Markup Language

Security Assertion Markup Language (SAML), developed by the Security Services Technical Committee of OASIS, is an XML-based framework for communicating user authentication, entitlement and attribute information. SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise.

SAML is also:

  • A set of XML-based protocol messages
  • A set of protocol message bindings
  • A set of profiles (utilizing all of the above)

Identity Provider (IdP) is a system that creates, maintains, and manages identity information for principals (users, services, or systems), and provides principal authentication to other service providers (applications) within a federation or distributed network.

Service Provider (SP) is any system that provides services, typically the services for which users seek authentication, including web or enterprise applications. A special type of service provider, the identity provider, administers identity information.
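The assertion is the unit of trust in the IdP/SP relationship described above, so the value of SAML SSO depends entirely on what the SP checks before it accepts one. The following is an added example, not code from the book, from Spring Security SAML or from Okta, showing the SP-side checks on a SAML 2.0 Response in Python's standard library: status, Destination and InResponseTo against the SP's own AuthnRequest, Issuer against the expected IdP entity ID, the Conditions validity window with bounded clock skew, AudienceRestriction against the SP's entity ID, and the bearer SubjectConfirmationData. The Response, the entity IDs and URLs in SP_CONFIG, and the request ID are constructed sample data. Signature verification is deliberately left out (xml.etree cannot do XML Signature); in a real SP it runs first, against the certificate from the IdP metadata, and every check below assumes it has already passed.

```python
"""Added example: service-provider checks on a SAML 2.0 Response.
Constructed sample data; XML Signature verification is out of scope here."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Hypothetical SP settings; the entity IDs and URLs are assumptions.
SP_CONFIG = {
    "entity_id": "https://sp.example.com/saml/metadata",
    "acs_url": "https://sp.example.com/saml/SSO",
    "idp_entity_id": "https://idp.example.com/idp",
}

# Constructed sample Response (no real IdP), minus the ds:Signature element.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T12:00:00Z" Destination="https://sp.example.com/saml/SSO"
    InResponseTo="_req42">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
            Recipient="https://sp.example.com/saml/SSO" InResponseTo="_req42"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="role">
        <saml:AttributeValue>admin</saml:AttributeValue>
        <saml:AttributeValue>dev</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# The SP's clock at validation time (constructed, inside the sample's window).
NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)


def _utc(ts):
    """Parse the xs:dateTime form SAML uses ('YYYY-MM-DDTHH:MM:SSZ')."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _require(cond, msg):
    if not cond:
        raise ValueError(msg)


def validate_response(xml_text, sp, expected_request_id, now, skew=timedelta(seconds=120)):
    """Apply the SP-side checks; return (name_id, attributes) or raise ValueError.

    Assumes the XML Signature over the Response/Assertion has ALREADY been
    verified against the IdP's metadata certificate; on unsigned, untrusted
    XML none of the checks below mean anything.
    """
    root = ET.fromstring(xml_text)
    _require(root.tag == "{%s}Response" % NS["samlp"], "not a samlp:Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    _require(status is not None and status.get("Value") == SUCCESS, "IdP did not report Success")
    # Destination and InResponseTo bind the response to this SP's ACS endpoint
    # and to the AuthnRequest we issued; unsolicited responses are rejected.
    _require(root.get("Destination") == sp["acs_url"], "Destination is not our ACS URL")
    _require(root.get("InResponseTo") == expected_request_id, "InResponseTo does not match our request")
    _require(root.findtext("saml:Issuer", namespaces=NS) == sp["idp_entity_id"], "unexpected response Issuer")

    assertions = root.findall("saml:Assertion", NS)
    _require(len(assertions) == 1, "expected exactly one Assertion")
    a = assertions[0]
    _require(a.findtext("saml:Issuer", namespaces=NS) == sp["idp_entity_id"], "unexpected assertion Issuer")

    # Conditions: validity window (bounded clock skew) and audience restriction.
    cond = a.find("saml:Conditions", NS)
    _require(cond is not None, "Assertion has no Conditions")
    _require(now >= _utc(cond.get("NotBefore")) - skew, "assertion not yet valid")
    _require(now < _utc(cond.get("NotOnOrAfter")) + skew, "assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    _require(sp["entity_id"] in audiences, "assertion not addressed to this SP")

    # Bearer SubjectConfirmationData must also name our ACS URL and our request.
    scd = a.find("saml:Subject/saml:SubjectConfirmation[@Method='%s']/saml:SubjectConfirmationData" % BEARER, NS)
    _require(scd is not None, "no bearer SubjectConfirmation")
    _require(scd.get("Recipient") == sp["acs_url"], "SubjectConfirmationData Recipient mismatch")
    _require(scd.get("InResponseTo") == expected_request_id, "SubjectConfirmationData InResponseTo mismatch")
    _require(now < _utc(scd.get("NotOnOrAfter")) + skew, "bearer confirmation expired")

    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    _require(bool(name_id), "no NameID in Subject")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs.setdefault(attr.get("Name"), []).extend(
            v.text for v in attr.findall("saml:AttributeValue", NS))
    return name_id, attrs


def rejection_reason(xml_text, sp, expected_request_id, now):
    """Return the failed check's message, or None if the response is accepted."""
    try:
        validate_response(xml_text, sp, expected_request_id, now)
        return None
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, SP_CONFIG, "_req42", NOW))
    print(rejection_reason(SAMPLE_RESPONSE, SP_CONFIG, "_req99", NOW))
```

Each rejection names the failed check so that an SP can log it; the `InResponseTo` comparison is what stops a captured response being replayed into a different login, and the audience check is what stops an assertion issued for one SP in the federation being accepted by another.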

Spring Security has a top-level project named Spring Security SAML. It is an extension that allows Spring applications to integrate with a variety of authentication and federation mechanisms that support SAML 2.0. The extension supports multiple SAML 2.0 profiles, as well as both IdP-initiated and SP-initiated SSO.

There are a number of SAML 2.0-compliant products that can act as the IdP, such as Okta, PingFederate, and ADFS, and they can be integrated into your application quite easily using this Spring Security extension.

Going into detail on SAML is out of the scope of this book. However, we will take the Spring Boot application that we built earlier, in Chapter 2, Deep Diving into Spring Security, and tweak it to authenticate against a SAML 2.0 product: Okta. In the world of SSO, Okta is a well-known product that allows applications to achieve SSO easily. In the following example, we will also be using the spring-security-saml-dsl project, a Spring Security extension project containing an Okta DSL; using it simplifies the Spring Security and Okta integration quite significantly. We will also run you through the configuration you will have to perform on the Okta platform, so that the example is self-contained and complete. This does not mean that you have to use Okta as the SSO platform for your application; the example showcases the Spring Security SAML module, using Okta as one IdP.

As mentioned previously, we will copy the Spring Boot project that we created in Chapter 2, Deep Diving into Spring Security, as a head start for this example. Let's first look at how to set up the SSO provider (Okta); in subsequent sections, we will look at how to tweak our copied Spring Boot application to achieve SAML 2.0 authentication.
