single-sign-on

问题 These are numerous technologies and buzzwords used for single sign-on with Microsoft services. Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security token service), including where and when each is being used. 回答1: From a big picture viewpoint: Assume an ASP.NET browser-based application that requires authentication and authorization. The application can roll its own or it can outsource it. WIF is a .NET library that allows ASP.NET to implement this outsourcing. It talks to an

问题 I am building an application which needs user credentials for multiple users. If SSO is enabled, then I cannot logout the user (provided Facebook app is installed on the device) after using our application. The session persists, and the only method for logging out the user is via the facebook app, before the next user can login to our application. So, I need the SSO disabled, so that it is independent of the facebook app on the device. I have seen the problem being queried here: Disabling and

问题 Does OpenID improve the user experience? Edit Not to detract from the other comments, but I got one really good reply below that outlined 3 advantages of OpenID in a rational bottom line kind of way. I've also heard some whisperings in other comments that you can get access to some details on the user through OpenID (name? email? what?) and that using that it might even be able to simplify the registration process by not needing to gather as much information. Things that definitely need to be

问题 I wish to create a wiki page for internal use within my company. Ideally, I would like it to verify logins against our company windows domain, so that the user does not have to create a new account specifically for the wiki in order to to access it. So, users currently log into a domain when they log into their computer in work in the morning. I want to use these credentials in my webpage to verify that the user should be allowed to edit the page ? I want the users login to be maintained so

问题 I'm getting login failed invalid key error while using an updated version of Facebook. If I delete it - it's working fine.. What is the correct way of creating a hash key ? I know that there are a lot of questions and answers for single sign on in Android, but none helped me to implement single sign-on in Android. My code: public class Main extends Activity { Facebook facebook = new Facebook("XXXXXXXXXX"); @Override public void onCreate(Bundle savedInstanceState) { super.onCreate

问题 In SAML metadata file there are several NameID format defined, for example: <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> Can anybody explain what are these used for? What are the differences? 回答1: Refer to Section 8.3 of this SAML core pdf of oasis SAML specification. SP and IdP usually communicate each other

问题 I'm using the latest facebook iOS SDK (supporting SSO) to connect my iPhone app with facebook. So far so good.. Since my current app is free with ads, I would like to create another version without ads (which i will charge for). I prefer not to use the in-app purchase approach. The problem i'm facing is that with the facebook SSO, I need to bind the iOS application to a URL which is based on the facebook app ID. Since I have only one facebook app to be used by both of the iphone apps, the two

问题 There is a lot of information on the web about using JWT ( Json Web Token ) for authentication. But I still didn't find a clear explanation of what the flow should be when using JWT tokens for a single sign-on solution in a multiple domains environment . I work for a company which has a lot of sites on different hosts. Let's use example1.com and example2.com . We need a single sign-on solution, which means if a user authenticates on example1.com , we want him to also be authenticated on

问题 Update This was reported to Facebook via https://www.facebook.com/whitehat/report/ on Dec 16th 2013 and Facebook responded on Dec 17th that the bug has long since been fixed . I have retested this with my Facebook account (that I still haven't verified the email address on) and when using the Grap API Explorer tool it is not possible to get the email address of this account using the Graph API or using a FQL query. Conclusion: The email address you get from Facebook using the Graph API or a

问题 Update This was reported to Facebook via https://www.facebook.com/whitehat/report/ on Dec 16th 2013 and Facebook responded on Dec 17th that the bug has long since been fixed . I have retested this with my Facebook account (that I still haven't verified the email address on) and when using the Grap API Explorer tool it is not possible to get the email address of this account using the Graph API or using a FQL query. Conclusion: The email address you get from Facebook using the Graph API or a