How to integrate Spring Boot with a Non-Gallery Application Using SAML Single Sign-On

JaparJarkynbyek 41 Reputation points
2020-07-07T04:58:15.64+00:00

Hello, I am developing a Java Spring Boot system and trying to integrate it with an Azure non-gallery app using SAML Single Sign-On. I did a lot of research but I can't find example source code or documentation. In the Microsoft documentation, such as Configure SAML-based single sign-on to non-gallery applications, I can't find the Spring Boot side configuration.

By the way, my main goal is adding our organization's app to the Azure gallery app list. Our app is used by a lot of companies, so if we add our organization's app to the Azure Gallery App list, our customers can configure SSO integration.

My questions are below:

  1. How to integrate an Azure Non-Gallery App with a Spring Boot app
  2. How to add our app to the Azure Gallery App list so our customers can configure Azure AD SSO.

Can anybody help me with this?


Accepted answer
soumi-MSFT 11,716 Reputation points Microsoft Employee
2020-07-07T07:43:32.387+00:00

@JaparJarkynbyek-2351, Thank you for reaching out. Unfortunately we don't have any SAML application code sample using Java or any other language available in our GitHub repos yet.

The best way to deal with this would be to go ahead and integrate your custom SAML Spring Boot app as a Non-Gallery application, as you mentioned. You can follow the steps mentioned below:

1. Create a Non-Gallery Application, with a proper name.
2. Once the app is created, go to the Single Sign-On blade and select the Basic SAML Configuration section.
3. Here you would find the following fields that need to be filled:
   - Identifier (Entity URI): Here you need to put the URI that would be listed as the audience in the SAML response, and also this URI would be responsible for consuming the SAML response when it is sent by AAD to your app. For example: https://localhost:5500/securityRealm/finish
   - Reply URL: Here only the URL responsible for receiving and consuming the SAML response must be specified. Make sure the URL has https and not http. For example: https://localhost:5500

These are the basic settings needed from the application's side on Azure. On your application's side you would need to just specify the App Federation Metadata URL, or download the federation metadata content from the Federation Metadata XML and set it in your application's code.

[Screenshot: samlcertificate.png]

The other thing that needs to be checked is the claims, i.e. which claims are needed for your application to work, so that those claims can be pushed by AAD into the SAML response before it issues the SAML response token to the app.

Hope this helps. Do let us know if there are any more queries around this so that we can help you further.
Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
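An added example of the Spring Boot side that the answer leaves out (it is not code from the question, the answer, or Microsoft): a Spring Security SAML2 relying-party configuration that loads the Azure AD federation metadata and pins the entity ID and assertion consumer service URL to the Identifier and Reply URL values entered in Azure. It assumes Spring Boot 2.7 / Spring Security 5.7 with spring-security-saml2-service-provider on the classpath; the metadata URL, the tenant and app IDs, and the example.saml package are placeholders.

```java
// Added example (not from the question or answer): Spring Security SAML2 relying-party
// setup for an Azure AD non-gallery app. Assumes Spring Boot 2.7 / Spring Security 5.7
// and spring-security-saml2-service-provider on the classpath.
package example.saml; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class AzureSamlConfig {

    // Placeholder: the "App Federation Metadata Url" shown on the Azure SSO blade.
    private static final String AZURE_METADATA_URL =
            "https://login.microsoftonline.com/<TENANT-ID>/federationmetadata/2007-06/federationmetadata.xml?appid=<APP-ID>";

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() {
        RelyingPartyRegistration azure = RelyingPartyRegistrations
                // Reads Azure AD's entity ID, SSO endpoint and signing certificate from the
                // metadata, so assertion signatures are checked against the tenant's certificate.
                .fromMetadataLocation(AZURE_METADATA_URL)
                .registrationId("azure")
                // Must equal the "Identifier (Entity ID)" entered in Basic SAML Configuration;
                // the assertion's Audience is validated against this value.
                .entityId("https://localhost:5500/securityRealm/finish")
                // Must equal the "Reply URL" entered in Azure exactly (scheme, host, port, path).
                // Spring's default ACS path is /login/saml2/sso/{registrationId}.
                .assertionConsumerServiceLocation("https://localhost:5500/login/saml2/sso/azure")
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(azure);
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Every request requires an authenticated SAML session; unauthenticated users are
        // redirected to Azure AD for sign-in.
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .saml2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

The Reply URL in Azure must match assertionConsumerServiceLocation and the Identifier must match entityId; a mismatch surfaces as an audience or destination validation failure on the Spring side after Azure has already issued the response.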

