saml-2.0

SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration

人盡茶涼 submitted on 2019-12-04 10:28:14
I am using the spring-saml implementation. In the class WebSSOProfileConsumerImpl, I could find the following lines of code which check for the NameID in the assertion of the SAML response: NameID nameID; if (subject.getEncryptedID() != null) { Assert.notNull(context.getLocalDecrypter(), "Can't decrypt NameID, no decrypter is set in the context"); nameID = (NameID) context.getLocalDecrypter().decrypt(subject.getEncryptedID()); } else { nameID = subject.getNameID(); } Based on the code, it's clear that the NameID should be part of the Subject. But most of the IDPs, including the one that I am using

Windows Identity Foundation does not officially support SAML 2.0; use WIF CTP or stick with SAML 1.1?

爱⌒轻易说出口 submitted on 2019-12-04 09:53:23
Question: We would like to use SAML 2.0 for a Single Sign On solution. As a typical Microsoft shop, we prefer to use Microsoft components as much as possible. Windows Identity Foundation supports SAML 2.0, but the extension has been in Community Technology Preview (CTP) for more than a year, with no information anywhere on its future course. See http://blogs.msdn.com/b/alikl/archive/2011/05/16/windows-identity-foundation-wif-extension-for-saml-2-0-protocol-community-technology-preview-ctp.aspx I came

Are SAML tokens cache/stored anywhere on the browser?

╄→гoц情女王★ submitted on 2019-12-04 09:12:46
Question: Scenario: Browser (User) requests a resource from the Service Provider (SP). SP redirects (with SAML Request) to the Identity Provider (IdP). Since it is the first login, the User gives the IdP his/her valid credentials. The IdP then redirects the Browser (with a SAML Response which includes the SAML token) to the SP page. I have two questions: A. In Step 4, does the Browser store or cache the SAML Response and/or SAML token? B. If yes, what kind of things (attributes? timeouts? protocols?) prevent me from taking that

How to add new idp metadata in spring-SAML at runtime

烈酒焚心 submitted on 2019-12-04 04:50:06
I am integrating the spring-security-saml extension to support SSO in my web application. My application should allow different customers to add their IDP metadata and their certificate to my webapp (which is an SP) so that my webapp can initiate SSO against their IDP. Right now I am defining a "metadata" bean in my Java config, wherein I add the IDP metadata to CachingMetadataManager. But this happens only once; I am not able to figure out how to add new IDP metadata to MetadataManager at runtime (without restarting my app). Can I just get the metadata bean from the Spring ApplicationContext and

How to implement openAM SSO to my existing web applications

无人久伴 submitted on 2019-12-04 04:16:01
I'm trying to implement SSO in my existing web applications using OpenAM, referring to the following link: http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity_21.html PS: my web applications already have their own login page. Now, what I got after the implementation is that my web applications are protected by the OpenAM login page, and I still need to log in again to my application. What I need is to skip the login page of my application so that it becomes single sign-on. So, can anyone tell me what tasks I have left to do? Do I need to revise the login page of my application? Do I need any database or

SAML Service provider with ColdFusion

橙三吉。 submitted on 2019-12-04 02:18:02
Question: I am trying to do a test of SAML 2.0 with ColdFusion 9. All I want is to consume the XML generated by SAML and do the processing. I am following the article given here: http://blog.tagworldwide.com/?p=19 (archived version). But I am getting an error when I initialize the xmlSignatureClass ( xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","Signature").item(0),javacast("string","")); ). My test code is as follows: <cfxml variable=

WIF config: issuerNameRegistry vs. certificateValidation

巧了我就是萌 submitted on 2019-12-03 22:38:56
Question: In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation? What portion of a SAML 2.0 assertion is validated by each? For example: the code & config below will verify that the issuer cert has the given thumbprint. But I assume a certificateValidationMode other than "None" will validate some additional details? var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; var

Configuring Spring SAML for SSO with PingFederate

二次信任 submitted on 2019-12-03 16:27:44
We have decided to use PingFederate as our SSO solution. I have searched many examples but have not found a Spring configuration that clearly describes how I need to set up my SP and/or IdP on the PingFederate side. I have not found a Spring document that describes exactly what I need to implement this. Any help much appreciated. Currently there's no step-by-step guide on establishing federation between Spring SAML and Ping, but the steps are very similar to what's described in the quick start guide of Spring SAML. The best approach is to start with the sample application included inside

REST API authentication with SAML

寵の児 submitted on 2019-12-03 15:44:04
Question: I'm struggling to design SAML 2.0 authentication for a REST API using a gateway. REST is used between my backend and my application. I'm using a Java Servlet filter and Spring. I see two possibilities: 1. Adding the SAML tokens into the header each time. 2. Authenticating once with SAML, then using a session or similar (secure conversation) between the client and the gateway. Case 1: It's a good solution because we are still RESTful, but: SAML tokens are quite big. It may generate problems due to big

Angularjs and SAML, the beginning

不羁的心 submitted on 2019-12-03 14:29:56
Question: I'm working on an application that needs SAML to manage authentication with an OpenAM server. Actually, I use Satellizer with the OAuth2 implicit grant flow and I have the following: Open the angularjs app in the browser. Click on the third-party login button. A new window hovering over the existing one (with the ng app) is opened, asking me for my credentials. I fill them in and validate. The page does its stuff (generating a token). The angularjs application gets the token through the window (how is it possible?). I can use my