saml

问题 I have a CodeIgniter 2.1 internal web app which uses a simple shared password (no usernames) for authentication. It's time to pull that out and ideally use Single Sign On with our company Google Apps accounts to authenticate specific internal users, and in the future allow external users to authenticate with their Google/Twitter/Facebook accounts. So the question is, where should I start to achieve what I'm looking for above? Google SAML SSO for Google Apps? CodeIgniter OAuth 2.0 library?

问题 I am trying to implement the same algorithm in Java for SAML HTTP Redirect Binding which is described here: How do I correctly prepare an 'HTTP Redirect Binding' SAML Request using C# The algorithm is rather simple: Build a SAML string Compress this string Base64 encode the string UrlEncode the string. This should be the equivalent Java algorithm: public String encodeRedirectFormat( String samlXML ) throws IOException{ ByteArrayOutputStream os = new ByteArrayOutputStream();

问题 I’ve been working with Apache CXF and WSS4J to implement a SecurityTokenService. Using a “CustomClaimsHandler” implementing "org.apache.cxf.sts.claims.ClaimsHandler" I can create a SAML token containing this kind of attributes : <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue> </saml2:Attribute> The thing is I am now

问题 I'm trying to setup SimpleSAMLphp IdP to send a SAML response to my local dev server (SP-initiated flow in this case) . This IdP is based on a Docker image from https://hub.docker.com/r/kristophjunge/test-saml-idp/ (ver. 1.15 I believe). The whole setup is to emulate a similar environment that I have whereby G Suite IdP is used against the same local dev SP - trying to eventually eliminate the cloud dependency from my local dev environment and replace it with an equivalent SimpleSAMLphp one.

问题 I am attempting to use SP-initiated SLO with SalesForce (trying Redirect and POST) with the following LogoutRequest: <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1583fa34b3e9426ba5885849204d6f8d" Version="2.0" IssueInstant="2017-11-14T18:42:25Z" Destination="https://myorg-dev-ed.my.salesforce.com/services/auth/idp/saml2/logout"> <saml:Issuer>myorg</saml:Issuer> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1

问题 I am using spring boot 1.4.0+spring-security-saml2-core 1.0.2 with the help of following link Spring-Boot-Saml-example it is working great. Now i would like to disable the spring-saml security in my local environment(Local PC).It should work in DEV & Production environment.What is the minimal change i should do to disable the SAML security in spring-Boot? or is it possible to set default user who is having all the securities so that SAML won't do the security checks(This is my assumption).

问题 I have gone thru the steps listed in the document - https://developer.okta.com/blog/2017/03/16/spring-boot-saml#run-the-app-and-login-with-okta Everything works fine and I see SAML response getting generated and reditection happening to Application from OKTA but when the request reaches the application, I get this error- type=Forbidden, status=403). Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'. I have tried disabling csrf but then it goes in

问题 According to the documentation, the ID token (a JWT token) created by Cognito upon user authentication is also supposed to contain the custom attributes defined for the user's User Pool. It seems that when the User Pool is configured with a SAML identity provider, the ID token does not contain those custom attributes of the user pool, but only the Cognito attributes which are mapped from the SAML token. Note: the custom attribute is already configured when the user pool is created, therefore

问题 Where can I find useful documentation about using Shibboleth and SAML for SSO besides the Shibboleth Wiki pages, preferably for Ruby applications? Ruby-specific documentation for Shibboleth seems to be very sparse. Does anyone know good resources, tutorials or HowTos? 回答1: Unfortunately, the only useful documentation I found is the official documentation from the creators of Shibboleth and SAML themselves. This seems to be a good technical overview about SAML 2 in general from the standards

问题 I'm reading the SAML specification and experimenting with Keycloak and Shibboleth IdPs and I'm not sure how to implement one feature in an SP-initiated login. I have a service that traditionally used to have an SP status information displayed on its login page (e.g. application version, status). After switching to using an IdP login page I'd like to keep displaying such per-SP additional information on the login page of the IdP. I'm interested in the data exchange, not in templating the login