onelogin

Proper LogoutRequest for Single Logout with ADFS IdP

两盒软妹~` submitted on 2021-02-19 04:42:26
Question: I'm successfully using OneLogin java-saml library for SAML SSO. But there are problems with SLO (Single Logout) with Active Directory Federation Service (ADFS). LogoutRequest created by the library is rejected by ADFS, while it is accepted by SimpleSAMLphp IdP. I pass both nameId and sessionIndex received from ADFS in Response at LogoutRequest creation. Here are generated requests and received responses: AuthNRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

Role based authorization: Oauth with OneLogin and Spring Security

放肆的年华 submitted on 2021-02-11 12:40:10
Question: I have a Spring Boot application which is using OAuth with OneLogin as the authorisation server. Now, I want to implement role based authorisation to expose certain APIs only to users with certain privileges. I have users belonging to groups. Say user A belongs to "admin" group and user B does not belong to the admin group. My question is how can I use these groups to enable only user A to access certain APIs. This is the information about the authenticated user for reference: authorities 0

Role based authorization: Oauth with OneLogin and Spring Security

£可爱£侵袭症+ submitted on 2021-02-11 12:39:13
Question: I have a Spring Boot application which is using OAuth with OneLogin as the authorisation server. Now, I want to implement role based authorisation to expose certain APIs only to users with certain privileges. I have users belonging to groups. Say user A belongs to "admin" group and user B does not belong to the admin group. My question is how can I use these groups to enable only user A to access certain APIs. This is the information about the authenticated user for reference: authorities 0

CORS issue with OneLogin using Custom-Allowed-Origin-Header-1

与世无争的帅哥 submitted on 2021-01-29 15:28:59
Question: We are having an issue making an API call to generate an OAuth token. Our call looks like this: // Reusable variables var oneloginURL = "https://api.us.onelogin.com"; var oneloginSessionURL = "https://rxsense.onelogin.com"; // Axios objects for AJAX calls, For onelogin calls only var ONELOGIN_API = axios.create({baseURL: oneloginURL}) var ONELOGIN_SESSION_API = axios.create({baseURL: oneloginSessionURL}) const REQUIRED_CONFIG = { ONE_LOGIN: { LOGIN: { BASE: "https://api.us.onelogin.com",

Programmatically creating SAML apps

一笑奈何 submitted on 2020-08-12 02:45:50
Question: Can this be done? Or what would the correct approach be? As part of our provisioning step for new instances (custom domain, resources, etc.) of our software we would like to automate the setup of the IdP. As it is, we set this up manually. Answer 1: Unfortunately, you can't do that today. Having said that, it's planned to be implemented later this year. [Edit] This is no longer true. Just to return to this, the API was released a while ago. Check out - https://developers.onelogin.com/api-docs/2

Python SAML OneLogin - How to support multiple Identity Providers

自古美人都是妖i submitted on 2020-02-02 05:47:12
Question: I'm relatively new to SAML and came across the OneLogin Python SAML library. I was able to get it up and running with my web app being the Service Provider (SP) and OneLogin being the Identity Provider (IdP). I would like to be able to add support for other Identity Providers as well. However, I find that the python-saml library is using a settings.json to get the IdP information. I have looked at the following issues on their GitHub project but have been unable to get an actionable solution:

How to configure My Web Application as SAML Test Connector (SP) using Onelogin?

大城市里の小女人 submitted on 2019-12-25 08:03:35
Question: I have added my web application into OneLogin using SAML Test Connector. In the Configuration tab I have given the following values: Recipient : http://localhost:8080/em/live/pages/samlAuth/ ACS(Consumer) URL Validator* : ^ ACS (Consumer) URL* : http://localhost:8080/ws_em/rest/accounts/consume-saml Login URL : http://localhost:8080/ws_em/rest/accounts/produce-saml Where http://localhost:8080/ws_em/rest/accounts/produce-saml creates a SAML Request by taking IssuerUrl, SAML EndPoint Copied From

OneLogin - does 'session_via_api_token' have to be called via form post?

只谈情不闲聊 submitted on 2019-12-25 06:22:21
Question: I'm trying to use the OneLogin API to create my own Single Sign On Portal. As such, I need to call the 'session_via_api_token' method to establish a session and load the OneLogin domain cookies. The documentation shows example usage of the method by submitting an HTML form post. As far as I can tell, the example isn't just one way to do it... it's THE ONLY way to use it. I would really prefer not to have to use a form post. From experimenting, it seems that I cannot call it via JavaScript

OneLogin - OIDC - Implicit Flow - login_hint

依然范特西╮ submitted on 2019-12-24 18:38:15
Question: Does anyone know if there is a workaround for OneLogin's lack of support of the login_hint parameter during the OIDC implicit flow request? My main goal is to be able to pre-populate the username/email of the login page. https://{subdomain}.onelogin.com/login The redirect generated by the implicit flow request to the login page does not include the hint information. The login form does however load the email address of the user who last signed in successfully, which is great, but not the best

What causes a Responder status in a SAML response

拟墨画扇 submitted on 2019-12-23 21:55:43
Question: I am having quite a time setting up SAML integration with a client using our platform. We're using OneLogin's PHP SDK on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom. It seems no matter what we do, the AuthN Response we receive from them has the status: urn:oasis:names:tc:SAML:2.0:status:Responder As I read it here, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a