saml

SAML 2.0 password authentication

别等时光非礼了梦想. Submitted on 2019-12-08 08:50:50
Question: I'm aware of how SAML is used for single sign on (SSO). That is, redirection to IDP from SP and getting the user's identity from the SAML response/assertion. My question is - Does the SAML 2.0 specification define how to pass username and password as part of a SAML request XML for authentication? Note that I'm not talking about single sign on and just want authentication of username/password. Thanks, Answer 1: The SAML standard supports passing a user identifier in the <saml:Subject> field of the

WSO2IS NullPointerException when using step authenticator

99封情书 Submitted on 2019-12-08 07:34:02
Question: Occasionally (?) the WSO2 IS user is unable to authenticate with the following exception. When retrying, the user will be authenticated. Any ideas what could be the reason / resolution? We set up the session caching. Using WSO2 Identity Server 5.0.0.SP1 / SAML authentication with the authenticator set to advanced (single step, multiple options). I cannot find the correct source code commit to check out (to match the line number in the exception). Thank you all in advance, Gabriel TID: [0] [IS] [2016-02

Signature Validation for a SAML Authn Request via GET method fails

血红的双手。 Submitted on 2019-12-08 04:59:07
Question: I am sending a SIGNED authnRequest to the IdP using C# and ASP.NET. My code signs the authnRequest but the signature validation fails at the IdP. Details: I tried a lot of solutions but in vain. This is what I am doing, following the guidelines set by https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf: STEPS: Deflate the auth request, then base64 encode it and finally URL encode it. Let's call it AR. URL encode the RelayState. Let's call it RS. URL encode the signing algorithm string.

Can you do symmetric encryption on SAML attributes in SAML 2.0?

泪湿孤枕 Submitted on 2019-12-08 04:48:24
Question: Can you do symmetric encryption on SAML attributes in SAML 2.0? We seem to be able to do asymmetric. What are the pros and cons? Answer 1: SAML 2.0 utilizes XML Encryption (Sect 5.2.1 and 5.2.2). With that said, Sect 4.2 of the SAML 2.0 Conformance docs specifies you must support the following to be SAML 2.0 compliant: Block Encryption: TRIPLE DES, AES-128, AES-256. Key Transport: RSA-v1.5, RSA-OAEP. In other words, SAML 2.0 mandates you use asymmetric keys. So, the "cons" will be that you are not SAML 2.0

Can you do symmetric encryption on SAML attributes in SAML 2.0?

风格不统一 Submitted on 2019-12-08 04:20:37
Can you do symmetric encryption on SAML attributes in SAML 2.0? We seem to be able to do asymmetric. What are the pros and cons? Ian: SAML 2.0 utilizes XML Encryption (Sect 5.2.1 and 5.2.2). With that said, Sect 4.2 of the SAML 2.0 Conformance docs specifies you must support the following to be SAML 2.0 compliant: Block Encryption: TRIPLE DES, AES-128, AES-256. Key Transport: RSA-v1.5, RSA-OAEP. In other words, SAML 2.0 mandates you use asymmetric keys. So, the "cons" will be that you are not SAML 2.0 compliant if you utilize symmetric encryption of SAML Attributes, which will lead to interoperability issues

Is there a way to filter/avoid duplicate attribute names in keycloak SAML assertions?

别来无恙 Submitted on 2019-12-08 02:27:33
Question: I'm trying to set up SSO with nextcloud (13.0.4) and keycloak (4.0.0.Final) (as SSO/SAML IDP and user management solution) as described at SSO with SAML, Keycloak and Nextcloud. However, trying to log in to nextcloud with the SSO test user configured in keycloak, nextcloud complains with the following error: OneLogin_Saml2_ValidationError: Found an Attribute element with duplicated Name /var/www/html/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php - line

How to avoid 'SamlAssertion.NotOnOrAfter condition is not satisfied' errors

与世无争的帅哥 Submitted on 2019-12-07 22:44:45
Question: Recently I have started using claims-based authentication on an existing web application. Because the application makes use of jQuery and, more notably, the AJAX functions, I have had to alter the handlers not to attempt to redirect the XmlHTTPRequests, and instead return a 403 status which is easier to handle. Here is the FederatedAuthentication.WSFederationAuthenticationModule.AuthorizationFailed event handler: protected void WSFederationAuthenticationModule_AuthorizationFailed(object sender,

WSO2IS NullPointerException when using step authenticator

耗尽温柔 Submitted on 2019-12-07 18:16:27
Occasionally (?) the WSO2 IS user is unable to authenticate with the following exception. When retrying, the user will be authenticated. Any ideas what could be the reason / resolution? We set up the session caching. Using WSO2 Identity Server 5.0.0.SP1 / SAML authentication with the authenticator set to advanced (single step, multiple options). I cannot find the correct source code commit to check out (to match the line number in the exception). Thank you all in advance, Gabriel TID: [0] [IS] [2016-02-15 13:07:22,914] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request

Why is OpenID Connect considered mobile friendly compared to SAML

早过忘川 Submitted on 2019-12-07 09:08:50
Question: I've read in multiple places that OpenID Connect is mobile friendly and SAML is not really designed for mobile. I'm new to both of these protocols, but what I understood is that the mobile apps need to launch a browser equivalent (WebView) in order to handle the authentication at the IDP and also to handle the redirects involved in the SAML flow. Can this be avoided with OIDC? I'm not interested in how social logins with Google etc. work, but in scenarios where enterprises federate via OIDC. Is it even a

Is it possible to create a new user via ADFS?

让人想犯罪 __ Submitted on 2019-12-07 08:55:30
Question: I am in the process of scoping out what's involved in setting up single sign on using SAML and ADFS. A query has come back that I can't answer and can't seem to find anywhere. Is it possible to carry out the usual user profile actions via ADFS? For example: Can I register new users via ADFS? Can I provide forgotten password / reset password functionality via ADFS? I'm getting confused and have a feeling I am barking up the wrong tree! Answer 1: No, AD FS only delivers security tokens for Active