saml

AWS Cognito - create groups from ADFS as Cognito Groups

岁酱吖の submitted on 2019-12-22 06:47:28
Question: An app is communicating via the Open ID Connect protocol with AWS Cognito, which is connected to ADFS, communicating via SAML. Cognito is essentially "proxying" the ADFS server. ADFS holds a group mapping that the app requires, and I would like to import these groups into Cognito as actual Cognito Groups - which will then be read by the app from the cognito:groups from the ID-token Cognito provides. In the AWS Cognito User Pool setup, I don't see a way to map ADFS groups to Cognito Groups -

SAML NameId Policy

安稳与你 submitted on 2019-12-22 03:09:17
Question: I am new to the concept of Single Sign On (SSO). I came to know that SAML request and response is the best way to achieve the SSO process. I then started reading about SAML 2.0. I came across a term NameIdPolicy in SAML 2.0 which was not there in SAML 1.0. Definitions say that it is the format of the NameID we request from the IdP. I want to know what that format is. I mean, what data from the IdP should come in the format NameIDPolicy specifies? Can anyone brief me on this NameIdPolicy concept? Answer 1: From

ADFS/SAML2.0 - How to set Claim Rules through Federation Metadata?

 ̄綄美尐妖づ submitted on 2019-12-21 22:17:38
Question: I'm trying to implement a SAML 2.0 authentication against Windows ADFS for a web application. So far I succeeded in authenticating and getting what I need from ADFS by manually configuring the Relying Party Trust and the assigned Claim Rules. Now I want to provide federation metadata for my application to make it easier to set up the required stuff in ADFS. However, I can't figure out how to pass the required Claim Rules in that metadata. Here's what I have so far: <?xml version="1.0"?>

In a WCF Client How Can I add SAML 2.0 assertion to SOAP Header?

[亡魂溺海] submitted on 2019-12-21 21:24:08
Question: I'm trying to add the SAML 2.0 assertion node from the SOAP header example below - I came across the samlassertion type in the .NET Framework but that looks like it is only for SAML 1.1. <S:Header> <To xmlns="http://www.w3.org/2005/08/addressing">https://rs1.greenwaymedical.com:8181/CONNECTGateway/EntityService/NhincProxyXDRRequestSecured</To> <Action xmlns="http://www.w3.org/2005/08/addressing">tns:ProvideAndRegisterDocumentSet-bRequest_Request</Action> <ReplyTo xmlns="http://www.w3.org/2005

Support SAML SSO and normal login

徘徊边缘 submitted on 2019-12-21 20:45:00
Question: I have an application which is accessed by two types of users, internal and external. I need to authenticate external users using SAML. I need to authenticate internal users with the normal form-based login. My application needs to support both types of users. I use the Spring Security framework. Is it possible to support both types of users? If so, can you suggest the approach at a high level? Thanks. Answer 1: You can easily enable support for both form and SAML authentication with configuration

Signed XML signature verification for SSO SAML (Using sha256)

陌路散爱 submitted on 2019-12-21 09:36:59
Question: Using VS 2008 with .NET Framework 3.5 on Windows 2003 Server. We have implemented SSO with SAML for security. We work at the service provider end, where we validate the signed XML SAML Assertion token generated from the client's system. As of now, whatever signed documents we came across were using the signature algorithm "rsa-sha1", but now we have a new customer who sends a file with the signature algorithm "rsa-sha256", and this is where the problem started. public static string VerifySignature() { if (m

Create SAML 2.0 response with signed and encrypted Assertion using c#

陌路散爱 submitted on 2019-12-21 05:00:46
Question: Hi, I am new to SAML and SSO techniques. I am trying to create a valid SAML response with a signed and encrypted Assertion. I have created a SAML response which is signed, but I am not able to encrypt the assertion and create the tag. My generated SAML response is, <samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_88a4cf19-6f41-46ee-9dc3-98ac80168bd9" Version="2.0" IssueInstant="2015-03-26T11:43:13.4468624Z" Destination="Test1" xmlns:samlp="urn:oasis:names:tc:SAML:2.0

Spring saml - how remember request parameter when initiate login on SP, and procesing them after IdP response

徘徊边缘 submitted on 2019-12-21 02:04:27
Question: I want to remember URL request parameters from the first request to my site (SP) and use them after the response from the IdP. I'm using the spring-saml extension and thinking about the relayState attribute, but I can't find an example of how to build it with parameters from the request. I need that to redirect the user after the SSO authentication process to a target page (module of the application) depending on what was in the first request. Answer 1: Spring SAML sample application behaves like this out of the box. When user hits a page which is protected

Implementing claims-based security (WCF/ASP.NET)

Deadly submitted on 2019-12-20 14:19:30
Question: After researching the topic of claims-based security (or a federated security model), I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt. The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new

How can i restrict client access to only one group of users in keycloak?

左心房为你撑大大i submitted on 2019-12-20 14:18:05
Question: I have a client in Keycloak for my AWX (Ansible Tower) webpage. I need only the users from one specific Keycloak group to be able to log in through this client. How can I forbid all other users (except from one particular group) from using this Keycloak client? Answer 1: On Keycloak admin console, go to Clients menu, select your client. On the client configuration page, set Authorization Enabled: On, click Save. A new Authorization tab should appear, go to it, then to the Policies tab underneath,