saml-2.0

How does Single-logout work with OKTA(IDP)-Shibboleth(SP)-App

て烟熏妆下的殇ゞ submitted on 2019-12-08 10:48:53
Question: OKTA-Shibboleth(Apache)-Nakisa(Tomcat) SSO is working for logging in. Now I need to configure logout. So, when a user logs out from the app, the user needs to be redirected to the OKTA page with tiles. But currently the user is redirected to the app again. It's sending the user to /logout?redirect=default.html, but that default.html is captured by an Apache rule and logs the user back in. It looks like it needs to hit https://xxxx/Shibboleth.sso/Logout. When I access this URL, it says logout is successfully done

PingFederate: SP SLO vs. IDP SLO - Does it really matter?

99封情书 submitted on 2019-12-08 10:45:23
Question: The PingFederate documentation notes that you may configure either SP or IDP single log-out (a.k.a. SLO). A user initiates SLO when that user requests a "Start-SLO" endpoint from their browser (i.e. either http://<PingFederate Base URL>/sp/startSSO.ping or http://<PingFederate Base URL>/idp/startSSO.ping). My questions: Isn't this just a distinction in name only? At the end of the day, aren't we just targeting an endpoint anyway? Does this choice have any material impact on the SLO process?

How to generate and share SP SAML 2.0 metadata in Rails

戏子无情 submitted on 2019-12-08 10:30:28
Question: I have this one which I guess is following SAML 1.1. I wanted to know how I can generate new SP metadata using SAML 2.0 in Rails and share it with other users, which will help the other team in configuring SAML at the IdP (Identity Provider) end?

require 'onelogin/saml'

class Account < ActiveRecord::Base
  def get_settings
    settings = Onelogin::Saml::Settings.new
    settings.issuer = "https://example.com/test"
    settings.idp_sso_target_url = "https://testexample.com"
    settings.idp_cert_fingerprint = "########"
    settings
  end
end

SAML 2.0 password authentication

别等时光非礼了梦想. submitted on 2019-12-08 08:50:50
Question: I'm aware of how SAML is used for single sign-on (SSO). That is, redirection to the IDP from the SP and getting the user's identity from the SAML response/assertion. My question is: does the SAML 2.0 specification define how to pass a username and password as part of a SAML request XML for authentication? Note that I'm not talking about single sign-on and just want authentication of username/password. Thanks.

Answer 1: The SAML standard supports passing a user identifier in the <saml:Subject> field of the

How to get SAML2 Bearer Assertion profile for OAuth within WSO2 API Manager to work?

拈花ヽ惹草 submitted on 2019-12-08 08:08:05
Question: I have problems getting "SAML2 Bearer Assertion profile for OAuth" to work within WSO2 API Manager. I'm trying to apply "Johann's Wall" how-to on API Manager (ver. 1.5) but am running into the following error.

[2013-11-08 17:44:35,930] DEBUG - SAML2BearerGrantTypeHandler SAML Assertion Audience Restriction validation failed
[2013-11-08 17:44:36,024] DEBUG - AccessTokenIssuer Invalid Grant provided by the client, id=enfKWsilmCxdIwhYiINcoA2JKwka, user-name=admin to application=MyFlowChart
[2013-11-08

Authentication into Symfony 2.0 from an external system

对着背影说爱祢 submitted on 2019-12-08 05:46:23
Question: I am relatively new to Symfony2. I have already built a system using the inbuilt security mechanism of Symfony2, authenticating users from a database. Let's call this system "B". There is an application in ASP.NET on a different server that uses the same credentials (I had copied over the users table from that system). Let's call this system "A". Is it possible for users to click on a link in the ASP application that redirects them to the Symfony2 application and automatically authenticates them

Signature Validation for a SAML Authn Request via GET method fails

血红的双手。 submitted on 2019-12-08 04:59:07
Question: I am sending a SIGNED authnRequest to the IdP using C# and ASP.NET. My code signs the authnRequest, but the signature validation fails at the IdP.

Details: I tried a lot of solutions but in vain. This is what I am doing, following the guidelines set by https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf:

Steps:
1. Deflate the auth request, then base64-encode it and finally URL-encode it. Let's call it AR.
2. URL-encode the RelayState. Let's call it RS.
3. URL-encode the signing algorithm string.

OpenSAML how to check if SAML Response (signature/cert) is really from my IDP?

泄露秘密 submitted on 2019-12-08 03:30:32
Question: Hello, I have this XML as a SAML2 Response from my IDP:

<Assertion ID="_97031c65-0139-4047-a416-9495df5d6ed7" IssueInstant="2016-10-26T07:45:43.438Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Issuer> </Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#

Decode SAML 2.0 Base64 string

為{幸葍}努か submitted on 2019-12-07 19:05:40
Question: I've been developing a SAML 2.0 SSO. I have a problem decoding a Base64 string to convert it into XML and then read the content later on. Below is the code I've been using:

Protected Function uf_getIDFromSAMLRequest(ByVal as_samlRequest As String) As String
    Dim ms As New MemoryStream(Convert.FromBase64String(as_samlRequest))
    Dim decompress As New DeflateStream(ms, CompressionMode.Decompress)
    Dim xmlMessageBytes As Byte() = New Byte() {}
    Dim m1 As New MemoryStream(xmlMessageBytes)
    decompress

WSO2 Identity Server 5.1.0 not returning user claims in SAML Response

会有一股神秘感。 submitted on 2019-12-07 16:58:59
Question: While trying out the new version of WSO2 Identity Server 5.1.0, I'm having problems returning claims in the SAML response. This worked in WSO2 IS 5.0.0 SP1. I've mapped the required claims and added them to my SP; I also configured the SP to always return the user attributes. I've configured the SP claim mapping: My SAML configuration: Any help is greatly appreciated. I'm getting the feeling this might be a bug. EDIT: In WSO2 5.1.0 it is required to add the Attribute Consuming Service