I hope you’re doing well.
I'm facing some issues migrating applications from Weblogic to Glassfish 4.1 and, I'm quite new with the Glassfish server.
I will try to explain what I'm doing and what I've found so far on googling.
There are some applications in Weblogic server that are set up to use SSO (SAML with Salesforce as Identity Provider), and Weblogic provides an easy out-of-the-box configuration to do that and I need to do the same but in Glassfish.
By my researches I found out that Glassfish provides SSO for the applications deployed on the same Virtual Server and doesn't have any configuration related to Third Parties for using SSO over SAML and, I should use tools like OpenAM, Shibboleth or similar as Service Provider and they must be deployed on Apache Tomcat.
I found the following discussion in the stackoverflow but is quite old (9 years ago): OpenSSO/OpenAM alternatives
Also, I found another link related to Glassfish + Salesforce but is quite old as well (from 2012): SSO using SAML2 updated document
So, my questions are:
1 - My applications are deployed in Glassfish, and I'd like to know what's the best approach or alternatives to set up SSO with Salesforce as Identity Provider over SAML (could be free and paid)?
2 - Is there any external tool that I can install/deploy in Glassfish instead of Apache Tomcat to configure the SSO over SAML?
I really appreciate any help.
Thank you.
You could use a Java library that acts as a SAML SP, no need for a full-blown SP implemetation as OpenAM for Shibboleth. Most of those libraries are acting as JEE servlet filter, so it should not be a big deal to extend your application.
Hi Bernhard, thank you for your reply. I just double-checked the configurations in the Weblogic realm provider and I realized there are more applications been redirecting to the Salesforce Identity Provider. I updated the description.
Depending on the use-case you could just use an HTTP reverse-proxy and use a saml-library there. Then instead of using a SAML SP in a servlet-filter, it's implemented in the HTTP reverse-proxy.
Where did you get Glassfish from? May be I should contribute a SAML realm, propblem is there are too many forks. Potentially contributing to Payara would be better.
We got GF 4.1 from download.oracle.com/glassfish/4.1. Basically, we can't use another version like Payara because we're migrating Oracle ADF applications and there is no support for Payara.
Does Oracle still support Glassfish 4.1? Honestly that's hard to believe.