saml-2.0

HttpSession returned null object for SPRING_SECURITY_CONTEXT

99封情书 submitted on 2019-12-30 04:37:08
Question: I'm trying to integrate the Spring SAML library in a sample web application, using Shibboleth as IDP. I'm able to load the login page, to log in and to show the index page. The problem is that when I click on other links the webapp redirects me to the login page, then the IDP recognizes me and redirects to the requested page (if the network is fast it's very difficult to see this). It's like I'm not logged in for Spring Security. I checked the log and I found this: org.springframework.security

What to present at SAML EntityID URL?

五迷三道 submitted on 2019-12-30 02:36:13
Question: I am trying to implement an SSO that is provided by another website. The instructions ask me to enter "issuer" info, which turns out to be equivalent to the EntityID URL in the EntityDescriptor. I am assuming I need to set that URL to some URL on my server, but what I can't seem to figure out is what that URL actually does. I assume a file needs to be placed at that URL with some information, but I cannot seem to work out what that info is. So what info is required at the EntityID URL in order

trusted certificate entries are not password-protected java

℡╲_俬逩灬. submitted on 2019-12-29 09:59:11
Question: I have a .cer file provided from some other party. I need to create a SAML credential with this .cer file. For this, I imported the .cer file to a jks file using the following command. (Password is same as password. It asked from prompt to accept certificate. I gave y then it said certificate is added to keystore.) keytool -importcert -file xyz.cer -keystore test.jks -alias "testsp" Then I used this jks file to create the credential as below. private Credential getCredential() { KeyStore keystore =

What is the purpose of a SAML Artifact?

Deadly submitted on 2019-12-28 11:44:15
Question: I've seen a bunch of flow charts on how it is passed around between Identity Provider (IdP), Service Provider (SP), and Browser via Redirects. However it seems unnecessary to me right now, so I know I'm missing something. Can someone provide me a use case where a SAML Artifact is required (or very useful) compared to not using one? Thank you. Answer 1: Typically, the intent of the artifact binding is to reduce the flow of SAML messages through the browser itself. This could be due to browser

iDP connecting to SP SAML / SSO

我的未来我决定 submitted on 2019-12-25 17:27:09
Question: I have been assigned a task where I (the iDP) need to connect to a service provider. So far I have the code: public ActionResult SSO(string SAMLRequest) { var model = new ApiSsoModel(); try { if (SAMLRequest == null) throw new ArgumentNullException("The parameter \"SAMLRequest\" is null."); byte[] decoded2 = Convert.FromBase64String(SAMLRequest); string decoded3 = string.Empty; using (MemoryStream stream2 = new MemoryStream(decoded2)) { using (MemoryStream stream3 = new MemoryStream()) {

In PingFederate, is there an API to query a list of users and a list of groups?

Deadly submitted on 2019-12-25 11:59:13
Question: I can use OpenAM to query a list of users and a list of groups by using its REST API: /openam/json/users?_queryID=* /openam/json/groups?_queryID=* Is there an equivalent (or similar) API of the above in PingFederate? Answer 1: This is not something that is currently available in the product. The reason being that it can use any of a number of user stores (adapters in the product's terminology) at the same time, and it doesn't have a specific set of users. If you are a current customer, you could

How to configure My Web Application as SAML Test Connector (SP) using Onelogin?

大城市里の小女人 submitted on 2019-12-25 08:03:35
Question: I have added my web application into OneLogin using SAML Test Connector. In the Configuration tab I have given the following values: Recipient : http://localhost:8080/em/live/pages/samlAuth/ ACS(Consumer) URL Validator* : ^ ACS (Consumer) URL* : http://localhost:8080/ws_em/rest/accounts/consume-saml Login URL : http://localhost:8080/ws_em/rest/accounts/produce-saml Where http://localhost:8080/ws_em/rest/accounts/produce-saml creates an SAML Request by taking IssuerUrl, SAML EndPoint Copied From

Build Custom SSO with SAML

主宰稳场 submitted on 2019-12-25 02:29:39
Question: Updated: Thanks for responding on my post. I am very sorry, as of today these were the requirement details. However, I can elaborate more on what I understand. I have some idea on WIF, where I can write my own STS, RP and publish policies. Couple of queries here. Do we need to have an IdP and should we connect STS to IdP? If not, can we go without IdP? I will have to use claim base authentication and federated identity mgmt in the application. We do not depend on AD/LDAP integration. Imp

SAML remote Discovery service : missing “return” parameter

偶尔善良 submitted on 2019-12-24 12:35:13
Question: I'm using Spring Security SAML 1.0.1. I've set up the IDP metadata so it reaches a Discovery service which is defined by idpDiscoveryURL. This parameter contains the URL http://wayf-shib.ueb.eu/fede-renater/WAYF. The remote Discovery is reached, but it complains that the request does not contain the "return" parameter. Indeed, this is the request that Spring SAML generates: http://wayf-shib.ueb.eu/fede-renater/WAYF?entityID=http%3A%2F%2Facem.u-bretagneloire.fr%3A80%2FACEM%2Fsaml%2Fmetadata

Django SAML integration

谁都会走 submitted on 2019-12-24 10:48:48
Question: I am using Django 1.9, Python 3, running locally on Docker (for testing). Trying to integrate django-saml2-auth into my application. Pretty much followed all the steps in the docs: 1) All installations were successful 2) New URLs were imported above the rest 3) Installed apps includes 'django_saml2_auth' 4) 'SAML2_AUTH' dict was placed in settings (and all attributes were mapped) 5) In the SAML2 identity provider (using OneLogin), the Single-sign-on URL and Audience URI(SP Entity ID) was set