saml-2.0

I'm trying to build an application with a WSO2 Application server and Identity server. the soap server which is based on Axis2 Framework needs to have WS-Trust based Authentication. For learning, I'm following this blog http://www.vitharana.org/2015/01/how-ws-trust-sts-works-in-wso2-identity.html At the end when I run the sample application I get following error. Sample Application is from https://github.com/ajithnv/blog_resources/tree/master/sts-client org.apache.axis2.AxisFault: Missing wsse:Security header in request at org.apache.rampart.handler.RampartReceiver

Hi I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML ( https://github.com/bergie/passport-saml ) to configure the SSO process. After getting to a special URL I give my client (example: www.myClient.myCompany.com ), the user (unauthenticated) is as expected redirected to the client login page. After he enters his credential, he remains stuck in login page BUT the SSO work because the user is authenticated meaning that if he opens a new tab and go to www.myClient.myCompany.com, he will be redirected to

I'ld like to implement SSO using SAML 2.0 in my web applications. I have seen spring-security-saml and example of spring boot application . There are a couple of things I wanted to know after I went through the sample: Is it possible to take Idp Url and certificates at run time and use spring saml to validate against that Idp ? ( So essentially I do not want to predefine any of the Idp related details and take an input from admin user to configure Idp ) Is metadata of Idp a necessary field or Is it possible that if IDP is not reachable directly from the SP then also it can just create a

I implement a SAML 2.0 SP. I have a login servlet with endpoint https://my.domain.com/mng/samlLogin , so in the SP metadata file I define: <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://my.domain.com/mng/samlLogin" index="0" isDefault="true"/> And send this endpoint in the AuthenRequest under the AssertionConsumerServiceURL. Now, I have another servlet with a different functionality, and it needs to validate the user against SAML as part of its flow. So I need to define the new servlet's URL as an additional endpoint, let's say https:/

Suppose SP-init SSO is carried out, HTTP-Redirect Binding is used instead of HTTP-POST Binding and signed AuthnRequest is required. It means to include the SAMLRequest in the URL. Q1. Do I need to include the signature in the URL or just embed in the SAMLRequest ? The redirect url is http://idp.example.com/SSOService.php?SAMLRequest= {val1}&Signature={val2}&SigAlg={val3} with my SAMLRequest (without signature) <samlp:AuthnRequest ID="" Version="2.0" IssueInstant="2015-05-22T02:47:38Z" Destination="" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL=""

In reference to this SO question Add request parameter to SAML request using Spring Security SAML I am wanting to replace the default HTTPRedirectDeflateBinding bean with my own that has a custom HTTPRedirectDeflateEncoder to add query params to my SAML request. I'm trying to achieve this with the Spring Boot @Bean auto-configuration annotation and being new to the Java environment I can't seem to get it working right. I can see that my bean is registering on startup but the outbound HTTP request is not being intercepted by it and it appears the original redirectBinding still is. Here is my

In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation ? What portion of a SAML 2.0 assertion is validated by each? For example: the code & config below will verify that the issuer cert has the given thumbprint. But I assume a certificateValidationMode other than "None" will validate some additional details? var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; var token = handlers.ReadToken( myxmlReader ); var identities = handlers.ValidateToken( token ); config: