Question
I have an SP (Service Provider implemented using Spring SAML). I want the SP to send the authentication SAML token to another service application. Now I need to validate (only) the token against the IDP at the service application end. How can I achieve this?
Any help will be appreciated.
Answer 1:
There is no mechanism in the standard SAML profiles which allows validation of issued SAML assertions against IDP servers. Validation is typically done by recipients of the tokens, by validating the XML signature on the assertion and verifying it was performed using a trusted certificate.
There are also additional standards which prescribe issuing and usage of SAML assertions for such use-cases, for example WS-Trust, but it tends to get complex pretty fast.
You might also want to look into the OAuth 2.0 standard, which is a good way to achieve machine-to-machine authentication performed on behalf of a user.
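The recipient-side validation the answer describes (XML signature checked against a trusted IdP certificate, plus issuer, validity window and audience), as an added example that is not code from the question, the answer or Spring SAML itself; it uses OpenSAML 2.x, the library Spring SAML builds on, and assumes the IdP certificate path and the two entity IDs are supplied by the caller:

```java
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.*;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.*;
import org.joda.time.DateTime;
import org.w3c.dom.Element;
import java.io.*;
import java.security.cert.*;
// Added example (not from the question or answer): recipient-side validation of a SAML 2.0
// assertion with OpenSAML 2.x. Assumed inputs: IdP signing cert file, issuer and audience IDs.
public class AssertionValidator {
    private final BasicX509Credential idpCredential = new BasicX509Credential();
    private final String expectedIssuer, expectedAudience;
    public AssertionValidator(String idpCertPath, String issuer, String audience) throws Exception {
        DefaultBootstrap.bootstrap(); // initialise OpenSAML registries (once per JVM)
        try (InputStream in = new FileInputStream(idpCertPath)) {
            idpCredential.setEntityCertificate((X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        expectedIssuer = issuer;
        expectedAudience = audience;
    }
    public Assertion validate(InputStream assertionXml) throws Exception {
        BasicParserPool parser = new BasicParserPool();
        parser.setNamespaceAware(true);
        Element root = parser.parse(assertionXml).getDocumentElement();
        Assertion assertion = (Assertion) Configuration.getUnmarshallerFactory()
            .getUnmarshaller(root).unmarshall(root);
        Signature sig = assertion.getSignature();
        if (sig == null) throw new SecurityException("assertion is not signed");
        // 1. Signature must follow the SAML profile (enveloped, references this element).
        new SAMLSignatureProfileValidator().validate(sig);
        // 2. Verify against the pinned IdP certificate, never a cert taken from KeyInfo.
        new SignatureValidator(idpCredential).validate(sig);
        // 3. Issuer, validity window and audience must match this recipient.
        if (!expectedIssuer.equals(assertion.getIssuer().getValue())) throw new SecurityException("unexpected issuer");
        Conditions c = assertion.getConditions();
        DateTime now = new DateTime();
        if (c == null || (c.getNotBefore() != null && now.isBefore(c.getNotBefore()))
                || (c.getNotOnOrAfter() != null && !now.isBefore(c.getNotOnOrAfter())))
            throw new SecurityException("assertion missing conditions or outside validity window");
        boolean audienceOk = false;
        for (AudienceRestriction ar : c.getAudienceRestrictions())
            for (Audience a : ar.getAudiences()) audienceOk |= expectedAudience.equals(a.getAudienceURI());
        if (!audienceOk) throw new SecurityException("assertion not addressed to this service");
        return assertion;
    }
}
```

Replay protection (remembering assertion IDs until NotOnOrAfter) is a separate concern the receiving service must add on top of these checks.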
Source: https://stackoverflow.com/questions/29096638/only-saml-token-validation