saml

Central login with SAML and making a site work as an identity provider

淺唱寂寞╮ submitted on 2019-12-18 14:59:09
Question: So my scenario goes like this: I have two sites, a.com and b.com, and one authentication server, cauth.com. What the client wants is: when a user lands on a.com or b.com, the user fills in the login form on the respective site, but the action of the form will be on cauth.com (cauth.com/authenticate). When the user is authenticated on cauth, he is logged in on both sites. I am thinking of implementing SAML to achieve this, and the flow is like this: after authentication the IdP (cauth.com) will send a SAML response to both

Creating custom SAML token

烈酒焚心 submitted on 2019-12-18 12:38:08
Question: I need to create a SAML token with custom data. There is a good-looking example on MSDN but it's not compiling.... Has anybody got something to read about it, or a working sample? Or is it just adding new claims to the Assertion collection? Do I need to describe them in federationmetadata? What other issues should I take care of? Would be glad to see any help. Answer 1: I remember there's some custom SAML token generation code in one of the ACS samples. That would be a good place to start. You can download it here, look for

What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

非 Y 不嫁゛ submitted on 2019-12-18 09:54:13
Question: These are numerous technologies and buzzwords used for single sign-on with Microsoft services. Can someone explain ADFS, WIF, WS-Federation, SAML, and STS (Security Token Service), including where and when each is used? Answer 1: From a big-picture viewpoint: assume an ASP.NET browser-based application that requires authentication and authorization. The application can roll its own or it can outsource it. WIF is a .NET library that allows ASP.NET to implement this outsourcing. It talks to an

What is the difference between OpenID and SAML?

别说谁变了你拦得住时间么 submitted on 2019-12-17 21:24:13
Question: What is the difference between OpenID and SAML? Answer 1: Original OpenID 2.0 vs SAML: they are two different authentication protocols and they differ at the technical level. From a distance, the differences start when users initiate authentication. With OpenID, a user login is usually an HTTP address of the resource which is responsible for the authentication. On the other hand, SAML is based on an explicit trust between your site and the identity provider, so it's rather uncommon to accept

Reading an X.509 certificate with Java

Deadly submitted on 2019-12-17 19:21:53
Question: I am trying to use Java to read a certificate that I received from an external party. The code is throwing the following error: java.lang.RuntimeException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor The code: FileInputStream ksfis = new FileInputStream(this.getCertificateFile()); ksbufin = new BufferedInputStream(ksfis); certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate

What are the different NameID format used for?

烂漫一生 submitted on 2019-12-17 17:55:18
Question: In a SAML metadata file there are several NameID formats defined, for example: <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> Can anybody explain what these are used for? What are the differences? Answer 1: Refer to Section 8.3 of the SAML core PDF of the OASIS SAML specification. The SP and IdP usually communicate with each other

Logging into SAML/Shibboleth authenticated server using python

对着背影说爱祢 submitted on 2019-12-17 17:31:25
Question: I'm trying to log in to my university's server via Python, but I'm entirely unsure of how to go about generating the appropriate HTTP POSTs, creating the keys and certificates, and other parts of the process I may be unfamiliar with that are required to comply with the SAML spec. I can log in with my browser just fine, but I'd like to be able to log in and access other content within the server using Python. For reference, here is the site I've tried logging in to by using mechanize (selecting the

Working with SAML 2.0 in C# .NET 4.5

家住魔仙堡 submitted on 2019-12-17 10:17:11
Question: I am trying to use pure .NET (no external classes, controls, helpers) to create a SAML message. I found some code on the interwebs; this is what I have: private static SamlAssertion createSamlAssertion() { // Here we create some SAML assertion with ID and Issuer name. SamlAssertion assertion = new SamlAssertion(); assertion.AssertionId = "AssertionID"; assertion.Issuer = "ISSUER"; // Create some SAML subject. SamlSubject samlSubject = new SamlSubject(); samlSubject.Name = "My Subject"; // //

OpenSaml

巧了我就是萌 submitted on 2019-12-17 04:17:06
I have recently been looking at OpenSaml and found that there is really too little material on it in Chinese, so here is my own understanding, organized: 1. Single sign-on: different sites use a common authentication platform, for example Sina Weibo and Sina News. 2. Microsoft later proposed the Passport service, with Microsoft providing accounts and authentication centrally; this is the idea behind Web SSO. As things developed, SAML became the de facto standard for Web single sign-on; the current version is SAML 2.0. 3. SAML, the Security Assertion Markup Language: as more and more systems are linked to each other through web services, portals and integrated applications, the need for a standard that guarantees secure information exchange has grown accordingly. SAML provides a robust and extensible set of data formats for exchanging data and identity information in a variety of environments. 4. The appearance of SAML greatly simplified Web SSO, and it was approved by OASIS (the Organization for the Advancement of Structured Information Standards) as the standard for Web SSO. A key concept is identity federation, which fits SAML's definition: information from separately administered information sources can be used. 5. An SSO model built with SAML: in an SSO model built with SAML, the security authentication authority uses SAML assertions as session tokens; the user credentials contained in the token are usually digitally signed by the security authority, so a web service that receives the token can know the identity of the token issuer, open the token to see the authentication assertion, and thereby indirectly authenticate the identity of the user requesting the service. In this situation, if the user requests another web service, they only need to present the authentication token issued to them by the SAML authority to the new web service. User ---> security authentication authority /

How to Load RSA Private Key From File

為{幸葍}努か submitted on 2019-12-16 22:48:25
Question: I am working on a test harness for a SAML 1.1 Assertion Consumer Service. The test must generate a signed SAMLResponse and submit it to the ACS encoded in Base64. The ACS must be able to verify the signed message using the X509 public cert. I am able to build the SAMLResponse, adding the necessary assertions, etc. But when I try to sign the object I am running into problems. Here is a snippet of my current code: String certPath = "mycert.pem"; File pubCertFile = new File(certPath);