saml-2.0

问题 I'm successfully using OneLogin java-saml library for SAML SSO. But there are problems with SLO (Single Logout) with Active Directory Federation Service (ADFS). LogoutRequest created by the library is rejected by ADFS, while it is accepted by SimpleSAMLphp IdP. I pass both nameId and sessionIndex received from ADFS in Response at LogoutRequest creation. Here are generated requests and received responses: AuthNRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

问题 I'm developing SSO using SAML and my IdP is Azure. I'm having problem with IDP Initiated flow. In SAML Response I always get this NameID: <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> bMFy2VsLxPyxxxxxx..... </NameID> This is what I'm expected: <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> user-email-address@foo.bar </NameID> I always get nameid-format:persistent instead of nameid-format:emailAddress . Although I have set "name identifier

问题 I have successfully configured simpleSAMLphp so that it authenticates via the Test Shib IDP (https://www.testshib.org/). Test Shib returns the following attributes: urn:oid:0.9.2342.19200300.100.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.6 urn:oid:2.5.4.4 urn:oid:1.3.6.1.4.1.5923.1.1.1.9 urn:oid:2.5.4.42 urn:oid:1.3.6.1.4.1.5923.1.1.1.7 urn:oid:2.5.4.3 urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oid:2.5.4.20 I would like to map these attributes to friendly names. Can anyone

问题 I have successfully configured simpleSAMLphp so that it authenticates via the Test Shib IDP (https://www.testshib.org/). Test Shib returns the following attributes: urn:oid:0.9.2342.19200300.100.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.6 urn:oid:2.5.4.4 urn:oid:1.3.6.1.4.1.5923.1.1.1.9 urn:oid:2.5.4.42 urn:oid:1.3.6.1.4.1.5923.1.1.1.7 urn:oid:2.5.4.3 urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oid:2.5.4.20 I would like to map these attributes to friendly names. Can anyone

问题 I'm trying to create an HTML page, and a part of it is to check if a user has an active Azure AD logged in session. If so then certain elements of the page would change. The IdP and SP are setup correctly, and SSO works, this is a separate page from both of them. This page is here before the user is redirected to the service provider. I just can't figure out how to do this! Is there any way to do it without redirecting the user off the page, maybe using JS? 回答1: After passing the aad

问题 I have a .Net Core 2 application which leverages Sustainsys.Saml2.AspNetCor2 (2.7.0). The front end is an Angular application. The SAML approach I'm taking is based on, and very similar to, the approach taken in this reference implementation: https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample *Everything works fine with the test IDP (https://stubidp.sustainsys.com). But when we try to integrate with Okta, the AuthenticateResult.Succeeded property in the callback method (see below) is

问题 I have a .Net Core 2 application which leverages Sustainsys.Saml2.AspNetCor2 (2.7.0). The front end is an Angular application. The SAML approach I'm taking is based on, and very similar to, the approach taken in this reference implementation: https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample *Everything works fine with the test IDP (https://stubidp.sustainsys.com). But when we try to integrate with Okta, the AuthenticateResult.Succeeded property in the callback method (see below) is

问题 We're using SAML 2.0 for SSO, and want to improve the UX by allowing a user to enter their email only once (to identify they need SSO). Is it possible to pre-fill the SAML SSO email field when authenticating with Google's SAML IDP? I know that the AuthnRequest has an optional Subject field that can pass the principal information to the IdP, but so far I haven't managed to have Google's SSO form pre-populate. Either it's not supported from the IdP, or I'm sending the wrong configuration. The

问题 Closed. This question needs debugging details. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 4 months ago . Improve this question Seeking for guidance on the subject as I'm really stuck on this, I am trying to connect to a microsoft server over a network to login into my system by providing my microsoft credentials. Now, what I want is whenever I try to hit my php application url, it will redirect me to

问题 I'm trying to authenticate Microsoft Azure AD with my laravel web app. Currently I'm referring Azure Active Directory SSO with Laravel. I managed to retrieve the data from the microsoft azure ad but the problem is it doesn't redirect to /home view instead it redirect to login view. I have one idea which is to link the email from Microsoft and email from the model so that it can directly go to home page. But i dont know how to pass the Microsoft data (from provider) to controller. The code(in