saml-2.0

Delphi & SAML (Web apps or desktop apps)?

偶尔善良 submitted on 2019-12-06 13:21:34
Is the SAML protocol (Single Sign On) used solely for web apps and web services, or is it also used for standard applications? REVISED: I am looking for some Windows (Standard Applications (not web based)) protocols for Single Sign On. If you are looking at Windows specifically, why not use Kerberos and Integrated Windows Authentication? It's built into Active Directory and Domain Controllers. It doesn't really work once you start crossing into the Internet and different security domains but it works well behind your firewall in a corporate environment. However, SAML can be used for desktop

SAML LogOutRequest processing failed on ADFS server

只谈情不闲聊 submitted on 2019-12-06 11:00:27
Question: I have an ADFS server as an IdP. I have a separate SP application. These are defined in a circle of trust. SSO over the SAML protocol is working fine. When I try an SP-initiated logout request I get an error on the ADFS side: MSIS7000: The sign in request is not compliant to the WS-Federation language for web browser clients or the SAML 2.0 protocol WebSSO profile. EDIT: More detailed message from the ADFS Event Trace: MSIS7015: This request does not contain the expected protocol message or incorrect protocol

Configuring Ping Federate and Spring SAML to authenticate application

依然范特西╮ submitted on 2019-12-06 09:12:31
Question: I installed PingFederate on an AWS EC2 running Windows_Server-2008-R2_SP1-English-64Bit-Base-2014.04.09. I have a Java application that is using Spring Security for authentication. I have read about how with PingFederate, I can set up an Identity Provider (IdP) and a Service Provider (SP). I have gathered that the IdP would be the Application User providing login credentials (the Identity) and passing this to the SP which has the Target Application a part of the SP in this diagram on this page

SSO using Identity Server with SAML 2 with other Identity Providers

我是研究僧i submitted on 2019-12-06 08:55:40
Question: I implemented authentication and authorization using Identity Server 4 with OIDC to allow clients accessing our application to get the necessary tokens to access our resource server (web APIs). This is the current architecture: Identity Server 4 using my custom DB to authenticate users; Resource APIs (ASP.NET Core); Angular 2 front end. I need to implement SSO, where users from other systems will pass SAML2 assertions from their identity providers to allow them to access our resource APIs

Decode SAML 2.0 64Base string

亡梦爱人 submitted on 2019-12-06 05:29:40
I've been developing a SAML 2.0 SSO. I got a problem in decoding a 64Base string to convert it into XML and then read the content later on. Below is the code I've been using:

    Protected Function uf_getIDFromSAMLRequest(ByVal as_samlRequest As String) As String
        Dim ms As New MemoryStream(Convert.FromBase64String(as_samlRequest))
        Dim decompress As New DeflateStream(ms, CompressionMode.Decompress)
        Dim xmlMessageBytes As Byte() = New Byte() {}
        Dim m1 As New MemoryStream(xmlMessageBytes)
        decompress.CopyTo(m1)
        Dim document As New XmlDocument() With { _
            .PreserveWhitespace = True _
        }
        document.LoadXml

SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration

你离开我真会死。 submitted on 2019-12-06 05:23:31
Question: I am using the spring-saml implementation. In the class WebSSOProfileConsumerImpl, I could find the following lines of code which check for the nameId in the assertion of the SAML response.

    NameID nameID;
    if (subject.getEncryptedID() != null) {
        Assert.notNull(context.getLocalDecrypter(), "Can't decrypt NameID, no decrypter is set in the context");
        nameID = (NameID) context.getLocalDecrypter().decrypt(subject.getEncryptedID());
    } else {
        nameID = subject.getNameID();
    }

Based on the code, it's clear

SAML for Native Mobile Apps(Android and IOS)

僤鯓⒐⒋嵵緔 submitted on 2019-12-06 04:10:23
Question: I have been searching for quite a long time to find out whether SAML authentication is available for mobile apps. I went through the OneLogin developer portal completely, but could not find any documents on an Android and iOS API. Can somebody please confirm for me whether SAML gives support to mobile apps or not?

Answer 1: Folks who go this route generally just implement a WebView and handle the SAML request that way. Take a look at this article on WebViews as this will allow you to share information (notably any

WSO2 Identity Server 5.1.0 not returning user claims in SAML Response

这一生的挚爱 submitted on 2019-12-06 00:22:10
While trying out the new version of WSO2 Identity Server 5.1.0 I'm having problems returning claims in the SAML response, while this worked in WSO2 IS 5.0.0 SP1. I've mapped the required claims and added them to my SP; I also configured the SP to always return the user attributes. I've configured the SP claim mapping: My SAML configuration: Any help is greatly appreciated. I'm getting the feeling this might be a bug. EDIT: In WSO2 5.1.0 it is required to add the Attribute Consuming Service Index to the SAML Request. In WSO2 5.0.0 SP1 it worked even without setting this value in the SAML

How can Service Provider reinforce password prompt at IdP server?

▼魔方 西西 submitted on 2019-12-05 23:07:49
SAML 2.0 with the "POST" Binding: Is there any way for the Service Provider to ask the IdP for user re-authentication for a specific request? I mean, the first time, the web user enters a login/password, then it stores some sort of cookie in browser memory so that it remembers the user and does not ask him for the password again next time inside the session. I want the SP to be able to enforce re-authentication, which means a command to ask the user for the password again. The only similar thing I found is ForceAuthn, and it does not help me: <samlp:AuthnRequest ForceAuthn="true" ... > According to documentation ForceAuthn is

How to maintain state parameter in Identity Provider (IdP) initiated SAML sso?

为君一笑 submitted on 2019-12-05 20:10:56
I started with Service Provider based SSO for SAML. Since the user had to enter his email before proceeding with the login, a state variable was initiated and passed on to the SSO. It comes back through the callback URL and hence was checked again for sanity purposes. It protected against CSRF attacks. Now IdP-initiated SSO doesn't allow me to set a state variable at all. Login starts at the Identity Provider and only an auth token is provided to the app. I do not know which user is authenticating from the beginning. If I remove the state variable check, it could trigger a CSRF attack as well. I am