I have x number of Java web apps as standalone WAR files, the source code is not available, and I need to set up a Tomcat or TomEE container to act as the Relying Party, using Microsoft Entra ID enterprise apps with a non-gallery SAML setup as the IDP.

Is it possible to use the spring-security-saml2-service-provider jar as referenced here: https://mvnrepository.com/artifact/org.springframework.security/spring-security-saml2-service-provider

I was able to get a PoC working with the Apache Fediz Tomcat plugin: fediz-tomcat-1.6.1.jar, but only with Tomcat9 and JDK8, and realized that Fediz won't work in our situation because we're using TomEE as the container with JDK21 and I believe Fediz was compiled for JDK8 and is using javax whereas TomEE uses Jakarta.

The ideal situation would be to just pull the spring-security-saml2-service-provider.jar and drop it in the lib folder within Tomcat or TomEE and then configure XML or property files that use the metadata provided by Entra ID.

Thanks for any suggestions.

I have tried Apache Fediz and cannot use it due to the JDK version. I was expecting to find some information on how to set up Tomcat as the Relying Party using spring-security-saml2-service-provider with MSFT Entra ID, but I'm not sure where to start.
