saml

SAML authentication and custom redirect URL

妖精的绣舞 submitted on 2020-01-17 14:24:08
Question: We're in the process of looking into implementing SAML based SSO authentication in our applications and I'm wondering if it's possible to specify custom redirect URLs via SAML. In other words can we have a single Service Provider configured in the Identity Provider and have the Service Provider via the SAML request specify where the Identity Provider should redirect the user to after logging in? The reason why we're looking for something like this is because our applications run on different

PHP application, SAML and single sign-on with office 365

旧巷老猫 submitted on 2020-01-17 02:58:31
Question: How to make possible single sign-in into my PHP app for Office 365 users? I was reading a bit about Microsoft solutions and if I understood well I have to create an account on Microsoft Azure AD and buy their services, right? I found out that Azure AD supports SAML 2.0. Has anyone done this before and can describe the process in a bit more detail for me? And what data am I receiving in the SAML response? =) I am already familiar with the SAML protocol and using it, just not with Microsoft services and

configure WSO2 IS server to send token in pre-configured format instead of SAML response?

為{幸葍}努か submitted on 2020-01-17 02:19:48
Question: I am using WSO2 Identity management server (WSO2 IS) for SSO. Once the user is authenticated, the ID server sends the SAML response to the webapp. I want WSO2 IS to send a token in a pre-configured format (like user_name and user_role) instead of the SAML response.

Answer 1: WSO2IS acts according to the SAML2 SSO specification. Therefore username and user's attributes can be found inside the SAML2 Assertion as attribute statement. There is no flexibility to customize it. But, if you do not like SAML2 SSO (As

unable to validate SAML 2.0 assertion against schema

只愿长相守 submitted on 2020-01-16 18:36:30
Question: I am working with Spring SAML and I have problem consuming SAML assertion (sample assertion from Wikipedia article <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" Version="2.0" IssueInstant="2004-12-05T09:22:05"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds

unable to validate SAML 2.0 assertion against schema

回眸只為那壹抹淺笑 submitted on 2020-01-16 18:36:06
Question: I am working with Spring SAML and I have problem consuming SAML assertion (sample assertion from Wikipedia article <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" Version="2.0" IssueInstant="2004-12-05T09:22:05"> <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds

Spring Security SAML - how to configure client auth?

半腔热情 submitted on 2020-01-16 15:46:34
Question: I'm trying to adapt the Spring Security SAML sample application to use a test IDP (provided to me by someone else) instead of ssocircle. Clicking on the "SAML Login" correctly redirects me to the SSO login page of the IDP but after login and redirection back to the sample app I get an exception (apparently during artifact resolution) at the root of which is: org.opensaml.ws.message.decoder.MessageDecodingException: Error when sending request to artifact resolution service. at org

Spring-SAML Endless redirect loop after a successful authentication

我们两清 submitted on 2020-01-16 04:06:18
Question: After a successful SAML authentication : AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;https://localhost:8443/saml/metadata;http://www.okta.com/exkdwf3hodKFkefLO0h7;;; The browser is redirected back into an endless loop. I've sat with a debugger stepping through Spring code and looks like it is erroring out in BasicAuthenticationFilter calling SAMLAuthenticationProvider which doesn't support UsernamePasswordAuthenticationToken and throws an exception which in turn sends the browser into an endless

redirect localhost instead of myserver.org:3000/login/callback

微笑、不失礼 submitted on 2020-01-16 00:41:48
Question: being redirected all the time to my localhost-server, instead of myserver.org:3000/login/callback to localhost:3000/login/callback do not understand why and where from here part of my code: app.get('/', function(req, res){ res.render('index', { user: req.user }); }); app.get('/account', ensureAuthenticated, function(req, res){ res.render('account', { user: req.user }); }); app.get('/login', passport.authenticate('saml', { failureRedirect: '/', failureFlash: true }), function(req, res) {

why is SAML based on browser

回眸只為那壹抹淺笑 submitted on 2020-01-13 08:06:53
Question: I am studying SAML and SSO, and it looks like the application that uses SAML needs to be a web application and rely on a browser. Can anybody tell me why? My limited knowledge of SAML tells me that SAML relies on session and cookie, which are not available in a desktop application or mobile app. Is that the only reason? Can you give me more details about this?

Answer 1: Well you are partly wrong. There are different access profiles for SAML2. Web browser Single Sign On is probably the most widely

why is SAML based on browser

末鹿安然 submitted on 2020-01-13 08:06:06
Question: I am studying SAML and SSO, and it looks like the application that uses SAML needs to be a web application and rely on a browser. Can anybody tell me why? My limited knowledge of SAML tells me that SAML relies on session and cookie, which are not available in a desktop application or mobile app. Is that the only reason? Can you give me more details about this?

Answer 1: Well you are partly wrong. There are different access profiles for SAML2. Web browser Single Sign On is probably the most widely