AK
Uploaded byAnand kalla
PPT, PDF327 views

Mule security saml

The document discusses Mule's support for SAML (Security Assertion Markup Language) for exchanging security information between federated systems. It describes how to configure the SAML module in Mule, including adding the SAML JAR, configuring the security manager with key providers and realms, and configuring security filters on CXF endpoints. It also explains the differences between the Sender Vouches and Holder-of-Key SAML profiles.

Embed presentation

Download to read offline
MULE –Security-SAMLMULE –Security-SAML
2 SAML Module As of version 2.2.3, Mule enterprise offers support for the Security Assertion Markup Language (SAML), which is a standard for exchange of security information between federated systems. For more information on SAML, see http://saml.xml.org/wiki/saml-wiki-knowledgebase.
3 SAML Module Current support in Mule is limited to SAML 1.1 and CXF web services only. Future versions of Mule will support the use of SAML with other transports. The supported SAML module is only available in the enterprise edition of Mule, although an unsupported version is available on the MuleForge.
4 Using the SAML Module This section describes how to configure the SAML module in your Mule configuration. Adding the SAML Module JAR The use the SAML module, the mule-module-saml JAR file must be in a location on the classpath of your application.
5 Configuring the Security Manager <mule xmlns:saml="http://www.mulesource.org/schema/mule/saml" xsi:schemaLocation="http://www.mulesource.org/schema/mule/saml http://www.mulesource.org/schema/mule/saml/current/mule-saml.xsd"> <!-- Rest of your mule configuration --> </mule>
6 Next, you configure the SAML security manager as shown below. The following example starts off with the definition of the SAML security manager and its accompanying security provider. The security provider specifies the default security realm to use by security filters if none is specified. This is especially useful in case you have only one security realm.
7 <saml:security-manager> <saml:saml-security-provider name="samlSecurityProvider" default- realm="senderVouches"> <saml:keystore-provider name="default-key-provider" key-store-file="classpath:saml.ks" key-store-type="JKS" key-store-password="changeit"/> <saml:sender-vouches-realm name="senderVouches" sign-key- alias="mulesaml" sign-key-password="changeit" key-provider-ref="default-key-provider" resign-assertions="true"/> <saml:holder-of-key-realm name="holderOfKey" key-provider- ref="default-key-provider" /> </saml:saml-security-provider> </saml:security-manager>
8 Within the security provider, you define a key provider, which reads keys and certificates from a standard Java keystore file. You configure this file using the normal Spring options to define resources. In this case, the keystore is read from the classpath. In this example, two security realms are defined. One uses the sender vouches SAML scheme and is also the default realm. The other is a holder of key realm. Both use the same key provider as defined above. For more information on these realms, see MULE3USER:Choosing a SAML Profile below.
9 Configuring Security on an Endpoint Once you've defined a security manager, you can configure security filters on CXF endpoints as shown in the examples below. The first example does not specify a security realm, so the default realm is used. Both filters specify the same certificate that is used to verify the SAML assertions as issued by the assertion provider. <saml:cxf-security-filter certificate-alias="mulesaml"/> <saml:cxf-security-filter certificate-alias="mulesaml" security-realm="non- default"/>
10 Choosing a SAML Profile SAML defines two different profiles: Sender-vouches (SV) and Holder-of- key (HOK). The Sender Vouches profile means that the sender of a message is authorized to act for one of its users towards another system. In this case, the sender of the message vouches its correctness. If both systems trust each other, this profile is appropriate. Holder-of-key means that the user himself is authorized to perform the actions. In this case, the owner (holder) of the key is acting. If your target system trusts the token issuer (and therefore the user) you'll use Holder-of- key.
Mule security saml

More Related Content

PPT
Mule SAML
byD.Rajesh Kumar
 
PPT
Mule security - saml
byD.Rajesh Kumar
 
PPT
Mule security
byPraneethchampion
 
PPTX
Mule Collection Splitter
byAnkush Sharma
 
PPTX
Introduction to testing mule
byRamakrishna kapa
 
PPT
Mule security
byD.Rajesh Kumar
 
PPTX
Mule expression language - Part 1
byremoved_34be96619b7b4fcc8ecd9495ad92d40b
 
PPTX
Mule quartz
byPraneethchampion
 
Mule SAML
byD.Rajesh Kumar
 
Mule security - saml
byD.Rajesh Kumar
 
Mule security
byPraneethchampion
 
Mule Collection Splitter
byAnkush Sharma
 
Introduction to testing mule
byRamakrishna kapa
 
Mule security
byD.Rajesh Kumar
 
Mule expression language - Part 1
byremoved_34be96619b7b4fcc8ecd9495ad92d40b
 
Mule quartz
byPraneethchampion
 

What's hot

PPT
Mule security - saml
bycharan teja R
 
PPT
Mule anypoint b2 b
byD.Rajesh Kumar
 
PPTX
Mule esb parts
bySindhu VL
 
PPTX
Munit
bySindhu VL
 
PPTX
The Mule Agent
byShanky Gupta
 
PPTX
Testing mule
bySindhu VL
 
PPTX
Mule management console Architecture
byShanky Gupta
 
PPTX
Mule esb
bysathyaraj Anand
 
PPTX
Mule ESB - Mock Salesforce Interface
bykrishananth
 
PPTX
Send email attachment using smtp in mule esb
byPraneethchampion
 
PPTX
Mule high availability
bySon Nguyen
 
PPTX
Mule system properties
byGandham38
 
PPTX
Mule advanced
byD.Rajesh Kumar
 
PPTX
Mule esb
bycharan teja R
 
PPTX
Generating Documentation for Mule ESB Application
byRupesh Sinha
 
Mule security - saml
bycharan teja R
 
Mule anypoint b2 b
byD.Rajesh Kumar
 
Mule esb parts
bySindhu VL
 
Munit
bySindhu VL
 
The Mule Agent
byShanky Gupta
 
Testing mule
bySindhu VL
 
Mule management console Architecture
byShanky Gupta
 
Mule esb
bysathyaraj Anand
 
Mule ESB - Mock Salesforce Interface
bykrishananth
 
Send email attachment using smtp in mule esb
byPraneethchampion
 
Mule high availability
bySon Nguyen
 
Mule system properties
byGandham38
 
Mule advanced
byD.Rajesh Kumar
 
Mule esb
bycharan teja R
 
Generating Documentation for Mule ESB Application
byRupesh Sinha
 

Similar to Mule security saml

PPT
Mule security - saml
byvishnukanthro45
 
PPTX
Securing mule
bySindhu VL
 
PPT
Mule with spring security manager
bySon Nguyen
 
PPT
Security spring security manager
byhimajareddys
 
PPT
Mule security - spring security manager
byD.Rajesh Kumar
 
PPT
Security spring security manager
bycharan teja R
 
PPT
Security springsecuritymanager-sathyaraj
bysathyaraj Anand
 
PPTX
Mule securing
bySindhu VL
 
PPT
Spring security integrate with mule
bySon Nguyen
 
PPTX
Flowsinmule 160517130818
byppts123456
 
PPTX
Flows in mule
bySon Nguyen
 
PPTX
Flows in mule
bySindhu VL
 
PPT
Mule security - pgp
byD.Rajesh Kumar
 
PPT
Mule security
byhimajareddys
 
PPT
Mule security
byvishnukanthro45
 
PPT
Mule security
bycharan teja R
 
PPTX
Cmm vm 002
byLalit Panwar
 
PPTX
Mule security
bykrishna2162
 
PPTX
Meet up slides_mumbai_05022020_final
byAkshata Sawant
 
PPTX
Mule enterprise security
bykeshav Naidu
 
Mule security - saml
byvishnukanthro45
 
Securing mule
bySindhu VL
 
Mule with spring security manager
bySon Nguyen
 
Security spring security manager
byhimajareddys
 
Mule security - spring security manager
byD.Rajesh Kumar
 
Security spring security manager
bycharan teja R
 
Security springsecuritymanager-sathyaraj
bysathyaraj Anand
 
Mule securing
bySindhu VL
 
Spring security integrate with mule
bySon Nguyen
 
Flowsinmule 160517130818
byppts123456
 
Flows in mule
bySon Nguyen
 
Flows in mule
bySindhu VL
 
Mule security - pgp
byD.Rajesh Kumar
 
Mule security
byhimajareddys
 
Mule security
byvishnukanthro45
 
Mule security
bycharan teja R
 
Cmm vm 002
byLalit Panwar
 
Mule security
bykrishna2162
 
Meet up slides_mumbai_05022020_final
byAkshata Sawant
 
Mule enterprise security
bykeshav Naidu
 

More from Anand kalla

PPTX
Unit testing using Munit Part 1
byAnand kalla
 
PPT
Maven in Mule
byAnand kalla
 
PPTX
Java Fundamentals in Mule
byAnand kalla
 
PPTX
Java in Mule
byAnand kalla
 
PPTX
web services
byAnand kalla
 
PPTX
SOAP Service in Mule Esb
byAnand kalla
 
PPTX
UDDI in Mule Esb
byAnand kalla
 
PPTX
WSDL in Mule Esb
byAnand kalla
 
PPTX
Send email attachment using smtp in mule esb
byAnand kalla
 
PPT
Mule oracle connectors
byAnand kalla
 
PPT
Mule google connectors
byAnand kalla
 
PPT
Mule execution
byAnand kalla
 
PPT
Mule database-connectors
byAnand kalla
 
PPT
Mule batch processing
byAnand kalla
 
PPT
Mule architecture
byAnand kalla
 
PPT
Mule anypoint exchange
byAnand kalla
 
PPTX
Mule soap
byAnand kalla
 
PPTX
Mule soa
byAnand kalla
 
PPT
Mule security jaas
byAnand kalla
 
PPTX
Mule for each scope header collection
byAnand kalla
 
Unit testing using Munit Part 1
byAnand kalla
 
Maven in Mule
byAnand kalla
 
Java Fundamentals in Mule
byAnand kalla
 
Java in Mule
byAnand kalla
 
web services
byAnand kalla
 
SOAP Service in Mule Esb
byAnand kalla
 
UDDI in Mule Esb
byAnand kalla
 
WSDL in Mule Esb
byAnand kalla
 
Send email attachment using smtp in mule esb
byAnand kalla
 
Mule oracle connectors
byAnand kalla
 
Mule google connectors
byAnand kalla
 
Mule execution
byAnand kalla
 
Mule database-connectors
byAnand kalla
 
Mule batch processing
byAnand kalla
 
Mule architecture
byAnand kalla
 
Mule anypoint exchange
byAnand kalla
 
Mule soap
byAnand kalla
 
Mule soa
byAnand kalla
 
Mule security jaas
byAnand kalla
 
Mule for each scope header collection
byAnand kalla
 

Recently uploaded

PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PPTX
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PDF
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
PDF
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PDF
threat-hunters-cookbook for cybersecurity
bylobster6719
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PPTX
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
threat-hunters-cookbook for cybersecurity
bylobster6719
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 

Mule security saml

  • 1.
  • 2.
    2 SAML Module As ofversion 2.2.3, Mule enterprise offers support for the Security Assertion Markup Language (SAML), which is a standard for exchange of security information between federated systems. For more information on SAML, see http://saml.xml.org/wiki/saml-wiki-knowledgebase.
  • 3.
    3 SAML Module Current supportin Mule is limited to SAML 1.1 and CXF web services only. Future versions of Mule will support the use of SAML with other transports. The supported SAML module is only available in the enterprise edition of Mule, although an unsupported version is available on the MuleForge.
  • 4.
    4 Using the SAMLModule This section describes how to configure the SAML module in your Mule configuration. Adding the SAML Module JAR The use the SAML module, the mule-module-saml JAR file must be in a location on the classpath of your application.
  • 5.
    5 Configuring the SecurityManager <mule xmlns:saml="http://www.mulesource.org/schema/mule/saml" xsi:schemaLocation="http://www.mulesource.org/schema/mule/saml http://www.mulesource.org/schema/mule/saml/current/mule-saml.xsd"> <!-- Rest of your mule configuration --> </mule>
  • 6.
    6 Next, you configurethe SAML security manager as shown below. The following example starts off with the definition of the SAML security manager and its accompanying security provider. The security provider specifies the default security realm to use by security filters if none is specified. This is especially useful in case you have only one security realm.
  • 7.
    7 <saml:security-manager> <saml:saml-security-provider name="samlSecurityProvider" default- realm="senderVouches"> <saml:keystore-providername="default-key-provider" key-store-file="classpath:saml.ks" key-store-type="JKS" key-store-password="changeit"/> <saml:sender-vouches-realm name="senderVouches" sign-key- alias="mulesaml" sign-key-password="changeit" key-provider-ref="default-key-provider" resign-assertions="true"/> <saml:holder-of-key-realm name="holderOfKey" key-provider- ref="default-key-provider" /> </saml:saml-security-provider> </saml:security-manager>
  • 8.
    8 Within the securityprovider, you define a key provider, which reads keys and certificates from a standard Java keystore file. You configure this file using the normal Spring options to define resources. In this case, the keystore is read from the classpath. In this example, two security realms are defined. One uses the sender vouches SAML scheme and is also the default realm. The other is a holder of key realm. Both use the same key provider as defined above. For more information on these realms, see MULE3USER:Choosing a SAML Profile below.
  • 9.
    9 Configuring Security onan Endpoint Once you've defined a security manager, you can configure security filters on CXF endpoints as shown in the examples below. The first example does not specify a security realm, so the default realm is used. Both filters specify the same certificate that is used to verify the SAML assertions as issued by the assertion provider. <saml:cxf-security-filter certificate-alias="mulesaml"/> <saml:cxf-security-filter certificate-alias="mulesaml" security-realm="non- default"/>
  • 10.
    10 Choosing a SAMLProfile SAML defines two different profiles: Sender-vouches (SV) and Holder-of- key (HOK). The Sender Vouches profile means that the sender of a message is authorized to act for one of its users towards another system. In this case, the sender of the message vouches its correctness. If both systems trust each other, this profile is appropriate. Holder-of-key means that the user himself is authorized to perform the actions. In this case, the owner (holder) of the key is acting. If your target system trusts the token issuer (and therefore the user) you'll use Holder-of- key.