federated-identity

问题 It's a multi-tenant B2B SaaS application. How can I provide the Ability to provide Federated authentication with Tenant's corporate IdP for some tenants only if they choose to? For other tenants, basic UN/Password flow is required. Do I need to use a pool per tenant or a common pool should work here? Also, I am not planning to use the Identity pool but only the user pool as we do not need to give direct access to AWS resources. 来源： https://stackoverflow.com/questions/65621664/how-to-provide

问题 I have a React web application built with AWS Amplify I have added authentication with Cognito user pools, I am not using usernames, I have selected the login using email/phone only, I don't want usernames, but Cognito creates a random username anyway. I want that the user to login using their email or using one social provider (Facebook or Google) and it shouldn't matter, they should have access to the same account, based on the email. Pretty normal practice, I think. However, when I first

问题 I am using ADFS 2.0 for authentication for my mvc 3.0 web app. I set my TokenLifeTime on my relying party to 1440 (24 hours), but when I step through my code after I log in I can see that the ValidTo date of the session token is only 600 mins (10 hours) from now. If I change TokenLifeTime to be less than 600 the datetime matches what I expect when I log in. i.e. if I set TokenLifeTime to 5, the ValidTo date on my session token is 5 mins from when I logged in. I haven't found any reference to

问题 I configured salesforce for federated authentication. Great! I did? It is working fine for "identity provider initiated login" (see Federated authentication and Delegated authentication in salesforce). I am using a federated id. But my issue that that user can login directly to salesforce using his username and password? How can I disable it? The "service provider initiated login" says it will come to identity provider. It is not going to identity provider when I try to login using salesforce

问题 We have a SAML 2.0 federated environment (IDP and SP). I would like to generate a custom attribute for assertions created only for one SP. As such, I will not modify the IDP configuration. The snippet of the SAML Assertion we need to create: < saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" > Name="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE:groups" > < saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:type="xsd:string"> ABCD

问题 Is it possible to exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token? Here is our specific scenario that we would like to accomplish: A user has been authenticated using an OpenID Connect endpoint and issued an id_token. The same user has been authorized using an OAuth 2 endpoint and issued an access token. A single-page application (SPA) requests data from a secured ASP.NET Web API and it sends the id_token and access token. Here's the question/tricky part :

问题 We have multitenant asp.net MVC web site which supports multiple partners. Currently we are using forms authentication to authenticate users. Now some of the partners have asked for single sign on support with SAML. I did quick POC to test it against “Thinktecture” identity provider. All I did was to install “Identity and access” extension for VS 2012 and configure the identity provider. I noticed that the extension added configuration settings like URL of the IP and realm in the web.config

问题 With AWS iOS SDK 2.4.0 Amazon's documentation fell behind. Pages on writing code to support Federated Identities, particularly how to refreshing token ids no longer reflected the code. This page for example, http://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html, refers to credentialsProvider.logins which isn't present in SDK 2.4.0 Does anyone know if anyone else has documented this aspect of Amazon's iOS SDK? Or Amazon somewhere else? Amazon has now released 2.4.10 and its

问题 I just starting out trying to write a federated claims provider I'm using the http://claimsid.codeplex.com/ examples as my template. So I start up VS2010 to begin my own project and the first thing I notice is that there is a System.IdentityModel as well as Microsoft.IdentityModel. This usually happens when stuff gets added to the .Net framework becoming 'mainstream'. Is this the case here? Which one should I use? 回答1: When using Claims Based authentication/authorization, then you will need

问题 I am playing with windows identity foundation and I am trying to create an MVC.NET based Security Token Service and use it as the Single Sign On application. My only problem is that I don't know how to generate the federationmetadata.xml file. Is there any tool to generate this file manually? 回答1: I created a custom metadata generator that does what VS does when you create the STS project. I had to use Reflection to call the code because as usual everything useful is internal in Microsoft's