
Secure Spring Boot applications with SAML authentication

Posted by: Mayur Khachane

Date posted: 01-Oct-2025

In the previous blog of our Java Spring Security series, we explored how to secure your Spring Boot applications using core features like form login, JWT, and method-level security. Now, we’ll take it a step further and focus on enterprise-level authentication using SAML (Security Assertion Markup Language).

SAML is a powerful tool when you need Single Sign-On (SSO) support - especially in corporate environments where users authenticate through systems like Okta, Azure AD, or ADFS.

In this follow-up blog, we’ll show you how to extend your existing Spring Boot application by integrating SAML for Single Sign-On (SSO). This is especially useful when your application is part of a larger ecosystem and needs to delegate authentication to a centralized Identity Provider (IdP).

What is SAML

SAML is an XML-based protocol that enables Single Sign-On (SSO) between multiple systems. The Identity Provider (IdP) authenticates the user and hands your application, the Service Provider (SP), a digitally signed assertion: an XML document stating who the user is and, optionally, attributes such as e-mail address or group membership. The SP accepts the assertion only after verifying its signature against the IdP's certificate, so the whole scheme rests on that check: never disable signature verification, and take the certificate only from the IdP's metadata or admin console.

The three main components of SAML

  • User: The person accessing the application.
  • Identity Provider (IdP): Authenticates the user (e.g., Okta, Azure AD).
  • Service Provider (SP): Your Spring Boot application.

How to add SAML support to a Spring Boot application

Follow these steps:

Dependency for spring-security-saml2-service-provider

Spring Security's SAML 2.0 support lives in the spring-security-saml2-service-provider module (not the older, separate spring-security-saml2-core extension). If you are using Maven, add the following to your pom.xml:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-saml2-service-provider</artifactId>
</dependency>
For Gradle, add the following to build.gradle:

dependencies {
    ...
    implementation 'org.springframework.security:spring-security-saml2-service-provider'
    ...
}

This module pulls in OpenSAML, which is not published on Maven Central; add the Shibboleth repository (https://build.shibboleth.net/maven/releases/) to your build, or dependency resolution will fail.

Configure Spring Security for SAML

Spring Security makes it simple to plug in SAML authentication. Create (or update) a SecurityConfig class:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated() // every request needs an authenticated user
            )
            // Enables SAML 2.0 login. The no-argument saml2Login() is deprecated
            // since Spring Security 6.1; pass Customizer.withDefaults() instead.
            .saml2Login(Customizer.withDefaults());
        return http.build();
    }
}

Configure application properties

We need to tell Spring about your identity provider. Add the following to application.yml or application.properties.

Example for application.yml:

spring:
  security:
    saml2:
      relyingparty:
        registration:
          my-idp:
            # Your application (the SP). This value is Spring Boot's default; it is
            # spelled out here because it is what you register with the IdP.
            entity-id: "{baseUrl}/saml2/service-provider-metadata/{registrationId}"
            assertingparty:
              # The IdP, exactly as stated in its metadata
              entity-id: https://idp.example.com/saml2/idp
              verification:
                credentials:
                  # The IdP's signing certificate, used to verify assertion signatures
                  - certificate-location: classpath:idp-certificate.crt
              singlesignon:
                url: https://idp.example.com/saml2/sso
                binding: REDIRECT
                # Set to true (and add signing credentials under my-idp.signing)
                # if the IdP requires signed AuthnRequests
                sign-request: false
  • Replace the URLs, entity IDs and certificate with the values from your IdP's metadata. Note that `assertingparty.entity-id` is the IdP's entity ID, not your application's; the older `identityprovider` prefix is deprecated in favour of `assertingparty`, and the SSO endpoint is configured under `singlesignon.url`.
  • If the IdP publishes a metadata document, `assertingparty.metadata-uri: <metadata URL>` can replace the entity ID, SSO URL and certificate settings above; Spring reads them from the metadata.
  • Put the IdP's signing certificate in `src/main/resources`. It is the certificate the IdP signs assertions with, not a TLS certificate, and when the IdP rotates its key you must replace the file or logins will fail signature verification.
  • The IdP needs your Assertion Consumer Service URL. Spring's default is `{baseUrl}/login/saml2/sso/{registrationId}`, so for this registration it is `https://<your-host>/login/saml2/sso/my-idp`.
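As an added example, not code from the original post, here is the same registration done in Java instead of YAML. The registration is built from the IdP's metadata URL, which avoids hand-copying the entity ID, SSO URL and certificate and keeps them in step when the IdP rotates its key, and the SP is given its own signing key so that AuthnRequests and single-logout messages are signed. The metadata URL, the file names sp-key.pem and sp-cert.pem, and the class name are assumptions. Declaring a RelyingPartyRegistrationRepository bean makes Spring Boot skip the property-based registration, so use one approach or the other, not both.

```java
// Added example (not from the original post): IdP registration from metadata plus an
// SP signing credential. File names and URLs below are assumptions for illustration.
package com.example.saml;

import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SamlSecurityConfig {

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        // SP signing credential: assumed files sp-key.pem (PKCS#8 PEM) and sp-cert.pem on the classpath.
        Saml2X509Credential signing = Saml2X509Credential.signing(
                loadPrivateKey("sp-key.pem"), loadCertificate("sp-cert.pem"));

        // Reads the IdP entity ID, SSO URL, bindings and signing certificate from its metadata.
        // The metadata URL itself is the trust anchor: use HTTPS and the URL from the IdP admin console.
        RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation("https://idp.example.com/saml2/idp/metadata") // assumed URL
                .registrationId("my-idp")
                .signingX509Credentials(creds -> creds.add(signing))
                // Sign AuthnRequests even if the IdP metadata does not ask for it
                .assertingPartyDetails(party -> party.wantAuthnRequestsSigned(true))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated())
            .saml2Login(Customizer.withDefaults())
            // Spring Security 6.1+: serves SP metadata (default path /saml2/metadata) to hand to the IdP
            .saml2Metadata(Customizer.withDefaults())
            // SAML single logout; LogoutRequests are signed with the credential registered above
            .saml2Logout(Customizer.withDefaults());
        return http.build();
    }

    private static RSAPrivateKey loadPrivateKey(String classpathFile) throws Exception {
        try (InputStream in = new ClassPathResource(classpathFile).getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(in);
        }
    }

    private static X509Certificate loadCertificate(String classpathFile) throws Exception {
        try (InputStream in = new ClassPathResource(classpathFile).getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
}
```

Keep sp-key.pem out of the repository (mount it from a secret store or an external config directory) and give the IdP the SP certificate, not the key; the IdP only needs the public half to verify your signed requests.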

If you’d like to take your application security to the next level, explore Opcito’s Cloud Security and Monitoring services to design, implement, and scale secure cloud-native solutions.

Test SAML Login

Run the Spring Boot app. When you access a secured endpoint (such as `/`), you are redirected to your IdP's login page. Try adding a simple controller:

import java.security.Principal;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HomeController {

    @GetMapping("/")
    public String home(Principal principal) {
        // After SAML login, getName() returns the NameID from the assertion
        return "Welcome, " + principal.getName();
    }
}

After a successful login at the IdP, the browser is posted back to your application's Assertion Consumer Service URL, Spring validates the assertion, and the page shows the authenticated user's name.
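Spring exposes the logged-in user as a Saml2AuthenticatedPrincipal, which carries the NameID together with every attribute the IdP asserted. The following is an added example, not from the original post, that reads those attributes in a controller and maps a multi-valued "groups" attribute onto Spring authorities by wrapping the provider's default response converter, so hasRole() and method security work with IdP group membership. It replaces the SecurityFilterChain bean in the SecurityConfig shown earlier. The attribute names "email" and "groups", the group value "app-admins" and the class names are assumptions; OpenSaml4AuthenticationProvider is the Spring Security 6 provider (use the OpenSaml5AuthenticationProvider counterpart if your build is on OpenSAML 5).

```java
// Added example (not from the original post): read SAML attributes and turn a
// "groups" attribute into ROLE_* authorities. Attribute and group names are assumptions.
package com.example.saml;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class SamlAuthoritiesConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        var defaultConverter = OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        // Run the default converter first (signature and validity checks already passed
        // before it is called), then swap in authorities derived from the assertion.
        provider.setResponseAuthenticationConverter(responseToken -> {
            Saml2Authentication auth = defaultConverter.convert(responseToken);
            Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) auth.getPrincipal();
            return new Saml2Authentication(principal, auth.getSaml2Response(), authoritiesFrom(principal));
        });

        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .saml2Login(saml2 -> saml2.authenticationManager(new ProviderManager(provider)));
        return http.build();
    }

    // Everyone who passed SAML login gets ROLE_USER; members of the assumed
    // "app-admins" group additionally get ROLE_ADMIN. Unknown groups are ignored.
    static List<GrantedAuthority> authoritiesFrom(Saml2AuthenticatedPrincipal principal) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        List<Object> groups = principal.getAttribute("groups");
        if (groups != null) {
            for (Object group : groups) {
                if ("app-admins".equals(group)) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                }
            }
        }
        return authorities;
    }
}

@RestController
class ProfileController {

    @GetMapping("/me")
    public Map<String, Object> me(@AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
        // getName() is the NameID; the rest is whatever the IdP put in the assertion.
        // Assigning to Object first avoids the generic getFirstAttribute() being
        // inferred as char[] inside an overloaded call.
        Object email = principal.getFirstAttribute("email");
        Map<String, Object> view = new LinkedHashMap<>();
        view.put("nameId", principal.getName());
        view.put("email", email == null ? "" : email.toString());
        view.put("registration", principal.getRelyingPartyRegistrationId());
        view.put("attributes", principal.getAttributes());
        return view;
    }
}
```

Derive authorities only from attributes inside the signed assertion, as above; anything taken from request parameters or from an unsigned part of the response is attacker-controlled.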

Conclusion

Setting up SAML authentication in your Spring Boot app might seem a bit overwhelming at first — especially with all the XML, certificates, and configuration involved. But once you get past the initial setup, it becomes a smooth and powerful way to secure your application.

By using SAML, users log in through their company's identity provider (such as Okta, Azure AD, or OneLogin) and get Single Sign-On (SSO): fewer passwords to remember and a much better login experience.

  • Spring Security makes it straightforward to enable SAML login.
  • Authentication is delegated to the IdP, so your app handles no passwords and fits into the enterprise identity infrastructure.

To discuss your specific needs, contact Opcito's experts at contact@opcito.com and an expert will be happy to help you.
