saml

Does anyone know if there is any documentation for OpenSaml3 anywhere? Paid or otherwise? I know there used to be a $15 book available, but I believe that only covers OpenSaml2. I know this will probably get voted down as it not a programming specific question, but Spring-Saml lists SO as it's primary forum now ( http://projects.spring.io/spring-security-saml/ ). SAML is a pain to implement without a good library and I think that Spring-SAML is the best thing available to someone writing on the JVM. Since Spring-Saml looks to be abandoned and with OpenSaml2 coming to end-of-life soon. I would

I kind of understand how basic SAML authentication supposed to work: User request resource at SP SP sends auth request to IDP IDP authenticates user and sends back some userId SP sends attribute query to IDP for additional details with userId IDP sends back attributes SP gives user resource My issue is, can you any way bypass AttributeQuery. When I make a SAML 2.0 request to my testing Gluu/Shibboleth server, I get back givenName (firstname) and sn (lastname). Is there anyway I can request inum user id and email in just the AuthnRequest? My request is pretty simple: <samlp:AuthnRequest xmlns

Is it possible to validate a signature only having an ancestor or root certificate in the hierarchy? Disclaimer: I'm a newbie to the certificates handling so please forgive the naive terminology. Consider the following situation. We have two parties (let's call them IdP for Identity Provider and SP for service provider) and some central certificate authority CA which is definitely trusted by both IdP and SP. CA has it's own certificate CertCA known to both IdP and SP (imported into IdP's and SP's keystore under some alias) Out CA issues one certificate for IdP ( CertIdP ) and one for SP (

I am studying SAML and SSO, and it looks like the application that use SAML need to be a web application and relying on a browser. Can anybody tell me why? My limited knowledge of SAML tells me that SAML relies on session and cookie, which is not available in desktop application or mobile app. Is that the only reason? Can you give me more details about this? Well you are partly wrong. There are different access profiles for SAML2. Web browser Single Sign On is probably the most widely used one. It's based on redirects and as name suggest, it needs browser. You can use for example ECP (Enhanced

Background: I want to integrate SSO in my existing application with my client's application and client IDP does not support any SAML and OAuth standards. Problem Statement: I'm looking for a custom solution where if any client application simply opens a link of my application then my application must be able to recognise that user/client and should auto logged-in into my application. Though, I've done enormous research before asking this question in this forum: My findings so far: Some of my findings which I can use to auto login into my system using the following custom techniques: JWT token