Spring Boot and Spring Security Integration with SAML ADFS
How to deploy Spring Boot and Spring Security Integration with SAML ADFS and OTP MFA
This article describes how to quickly set up a new DEV environment with Microsoft ADFS and a Spring Boot & Spring Security demo project that has SAML integration and OTP multi-factor authentication enabled.
Prerequisites
Dedicated Windows DEV workstation/server. NOTE: For the initial setup the DEV workstation must have direct access to the Internet to download dependent binaries.
Deploy Microsoft ADFS with the SecureMFA Provider on a dedicated Windows Server 2016 or later: https://www.securemfa.com/downloads/mfa-otp#h.p_0CFeLwIix8Fa
On the ADFS server, add a sample Relying Party Trust configuration for the SecureMFA Spring Security Simple SAML2 Example by running the following PowerShell command:
Add-ADFS_RelyingPartyTrust -RP_WEBSITE_URL https://localhost:8443 -SampleRP SpringSample -Force
The command adds a Relying Party Trust (RP) configuration on the ADFS server, which is required for the SecureMFA Spring Security Simple SAML2 Example to work with Windows authentication and to enforce MFA authentication when accessing the demo application on the DEV workstation.
Please write down the output values for “ADFS Identifier” and “ADFS Federation Metadata Endpoint”; they will be required for the SecureMFA Spring Security Simple SAML2 Example project configuration.
Use the following URLs for more information on the SecureMFA OTP Provider and SecureMFA Tools. The links include a deployment video showing how to install the ADFS service on Windows Server.
Deployment Steps on DEV Workstation/Server
1) Deploy the latest “SecureMFA” tools PowerShell module from the Microsoft PSGallery on the Windows DEV workstation/server by using the PS command below:
Install-Module -Name SecureMFA -Repository PSGallery -Scope AllUsers
2) Run the PowerShell command below to prepare the workstation with the software required for a Java development environment that can run Spring Boot projects on Windows. The command installs the following components on the workstation:
Free distributions of OpenJDK 11 (hotspot)
Apache Maven 3.6.3 Binary
OpenSSL
Configures the Windows environment variables JAVA_HOME, MAVEN_HOME, OpenSSL_HOME and Path so the system can run the demo project with SAML
Install-SecureMFA_DEV_Environment -Env JAVA
3) After the Java software deployment has completed, close the PS session and open it again. Verify that the environment has been deployed successfully by running the following command:
mvn -version
The output should look as below.
4) Execute the command below to deploy the SecureMFA Spring Security Simple SAML2 Example project. During deployment you will be prompted to enter the “ADFS Federation Metadata Endpoint” and “ADFS Identifier” noted in the Prerequisites section.
Install-SecureMFA_DEV_Code -Sample SpringBootSAML
5) To start the project, execute mvn spring-boot:run from 'C:\Apps\adfs-spring-simple-saml' and navigate to https://localhost:8443
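As an added illustration of what the values collected in the Prerequisites section are used for, the following Spring Security configuration registers ADFS as the SAML2 asserting party from its federation metadata endpoint and requires a SAML login for every request. This is example code written for this article, not the SecureMFA sample project's own configuration; the package name, the placeholder ADFS host in the metadata URL, the registration id "adfs", and the assumption that the relying party entity ID must equal the identifier registered in the ADFS Relying Party Trust are all assumptions. It targets Spring Boot 2.7 / Spring Security 5.7 with the spring-security-saml2-service-provider dependency on the classpath.

```java
package com.example.adfsdemo; // hypothetical package, not the sample project's

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SamlSecurityConfig {

    // "ADFS Federation Metadata Endpoint" from the Add-ADFS_RelyingPartyTrust output.
    // <ADFS-HOST> is a placeholder; the path is ADFS's standard metadata location.
    // Fetching over HTTPS matters: the IdP signing certificate used to verify
    // assertions is taken from this document.
    private static final String ADFS_METADATA_ENDPOINT =
        "https://<ADFS-HOST>/FederationMetadata/2007-06/FederationMetadata.xml";

    // Entity ID this application presents to ADFS. Assumed to equal the identifier
    // registered in the Relying Party Trust; ADFS rejects AuthnRequests whose issuer
    // does not match a known RP identifier.
    private static final String RP_ENTITY_ID = "https://localhost:8443";

    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
        // fromMetadataLocation downloads the IdP metadata once at startup and
        // populates the SSO endpoint and token-signing certificate from it.
        RelyingPartyRegistration adfs = RelyingPartyRegistrations
            .fromMetadataLocation(ADFS_METADATA_ENDPOINT)
            .registrationId("adfs")
            .entityId(RP_ENTITY_ID)
            // Assertion Consumer Service URL; {baseUrl} resolves to https://localhost:8443
            // when the app is started on port 8443 with TLS enabled.
            .assertionConsumerServiceLocation("{baseUrl}/login/saml2/sso/{registrationId}")
            .build();
        return new InMemoryRelyingPartyRegistrationRepository(adfs);
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Every request must carry an authenticated session; unauthenticated
            // browsers are redirected to ADFS, where the MFA policy is enforced
            // before any assertion is issued back to this application.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .saml2Login(Customizer.withDefaults())
            .saml2Logout(Customizer.withDefaults());
        return http.build();
    }
}
```

With this in place, the first request to https://localhost:8443 redirects to ADFS, ADFS completes Windows authentication plus the SecureMFA OTP step, and the signed assertion posted back to /login/saml2/sso/adfs is verified against the certificate obtained from the metadata endpoint. If the metadata URL or entity ID differs from what the Relying Party Trust was created with, ADFS shows an error on its own sign-in page rather than returning an assertion, which is the first thing to check when the login loop fails.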
Deployment Video
The video shows the deployment steps for linking the SecureMFA Spring Security Simple SAML2 Example project to the ADFS service for MFA authentication. The free provider version (which runs for a limited number of 24 users) can be downloaded from www.securemfa.com
This deployment allows ADFS authentication and OTP tokens to be used to provide MFA access to published Spring Boot Framework apps.
Each connection is first pre-authorized by ADFS and, if successful, the session is authenticated and authorized on the Spring app.
All components of the MFA-OTP provider are hosted on on-premise infrastructure and do not depend on third-party services in the cloud.