Hi,

I am working on providing an SSO solution to a customer who acts as an identity provider. He already has Siteminder on his side to generate SAML 1.1 assertions with user id and timestamp as parameters. Our task is to accept this assertion which is signed, decrypt it and send it to the authenticator we already have. The authenticator validates the info and gives access to our application. Here we act as the service provider.

I am new to SAML and have no idea how to integrate SAML into our current ASP login pages. Can you help me on how to accept these assertion requests from the IdP? They are using SAML/POST profile.

Thanks, king

A: 

ASP login? Oh dear, you will have to manually decrypt, validate and accept/decline the token, and then map the user to whatever role-based mechanism your application uses.

If you were on ASP.NET then the Windows Identity Framework would help.

blowdart
They have an encryption algorithm and are sharing the key with us. The only thing I have to do is decrypt the two parameters and pass them over to the authenticator.asp page we already have that authenticates the user and passes them to the target URL.
king
It's not that simple. SAML tokens are wrapped in WS-Secure, so you need to pick that apart. They should be encrypting against a public key you supply, and signing with a key pair where they supply you with the public key. In any case, VBScript support for these types of functions is minimal.
blowdart
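
An added example, not code from anyone in this thread: the "validate and accept/decline" step for a SAML 1.1 Browser/POST response (the base64 `SAMLResponse` form field), written in Python for illustration rather than classic ASP. It covers only the checks made after the XML signature has been verified with a proper XML-DSig library, which it does not do; the issuer and audience URLs, the 60-second skew and the sample response are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
FMT = "%Y-%m-%dT%H:%M:%SZ"      # assumes whole-second UTC timestamps; others are rejected
SKEW = timedelta(seconds=60)    # assumed clock-skew allowance
_seen_ids = set()               # replay cache; use a shared store with expiry in real use

def _ts(value):
    return datetime.strptime(value or "", FMT).replace(tzinfo=timezone.utc)

def check_response(b64_response, issuer, audience, now=None):
    """Return the NameIdentifier, or raise ValueError. Does NOT verify the XML signature."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(b64_response))
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("IdP did not report Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    if a.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) - SKEW <= now < _ts(cond.get("NotOnOrAfter")) + SKEW):
        raise ValueError("missing or expired validity window")
    allowed = [e.text for e in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if audience not in allowed:
        raise ValueError("assertion not issued for this service provider")
    name = a.find("saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise ValueError("no subject")
    if a.get("AssertionID") in _seen_ids:
        raise ValueError("assertion replayed")
    _seen_ids.add(a.get("AssertionID"))
    return name.text.strip()

# Constructed sample response (unsigned), for illustration only.
SAMPLE = base64.b64encode(b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
<saml:Assertion AssertionID="_a1" Issuer="https://idp.example">
<saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"><saml:AudienceRestrictionCondition>
<saml:Audience>https://sp.example</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions>
<saml:AuthenticationStatement><saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier>
</saml:Subject></saml:AuthenticationStatement></saml:Assertion></samlp:Response>""")
```

Only the value returned by `check_response` should be handed to the existing authenticator page; any `ValueError` means the login is declined.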
A: 

Ping Identity offers a commercial, out-of-the-box solution to support this use case - PingFederate. This type of use case could be implemented in just a couple of hours with no custom code. Check out www.pingidentity.com for more information.

Sergei