saml

How do I deserialize a SAML assertion in Rampart/C (Axis2/C)?

I have SAML 1.1 and SAML 1.0 responses in utf-8 char * buffers, and I would like to transform them into Rampart/C saml_response_t * objects. My question is this: What is the correct method for creating a saml_response_t from a string? Ideally I'd like a code sample in C that does this and then disposes of the various parser tools in t...

Implementing Claims-Based Security (WCF/Asp.NET)

After researching the topic of Claims-Based Security (or a Federated Security Model), I've been coming across many examples that use Cardspace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt. The claims-based security architecture I'...

SAML with .NET 2.0

I've been given the task of working with SAML to implement an SSO solution between my company and a third party provider. My only issue is that I can't seem to find how to implement SAML in C# 2.0. I've been able to find a few examples for .Net 3.0 and 3.5, but none for 2.9 (and the classes they use don't appear to be available in 2.0)...

SAML Assertion WriteXML issue in C#

I've created an instance of a SamlAssertion, and added the authorization statement and attribute statements to it, and now I want to print out the XML so I can do an HTTP post, but not all of the assertion is being outputted. What am I missing (I'm sure it's something bone-headed)? Here is the code I'm using: // Add the Statements t...

Looking for feedback on a first SAML implementation.

Hello, I've been tasked with designing a very simple SSO (single sign-on) process. My employer has specified that it should be implemented in SAML. I'd like to create messages that are absolutely as simple as possible while conforming to the SAML spec. I'd be really grateful if some of you would look at my request and response messag...

SAML identity provider as Java servlet filter?

Can anyone recommend one? Thanks -Morgan ...

Do we absolutely need a STS for SAML?

I am trying to implement SAML enabled SOAP services for the first time and I have some conceptual questions regarding the role of a Secure Token Service (STS) in a SAML implementation. User ---> Web Application ---SOAP/SAML--> Messaging Application Basically the scenario is that the user logs into the Web application using his user na...

Identity provider implementation of opensaml 2.0

Hi All, We need to implement Identity provider implementation of opensaml2.0 for our project. Does anybody have an idea of how to start with... Your response is much appreciated... ...

Signing XML with Public Key Example?

I'm working to implement a SAML service. As such, I believe the identity provider is supposed to digitally sign the SAML assertion using the service provider's public key before sending the assertion to the service provider (which the service provider verifies using their private key). However, I'm having a hard time finding any exampl...

Need info on SAML 2.0

For web-based Single Sign On (SSO) we need to implement as per the SAML2.0 Standard specification. Would appreciate it if anyone provides some info on how to use OpenSAML2.0 using JDK 1.4 ...

Implementing SSO using different versions of SAML

Is it possible to establish SSO between two different vendors when each of them uses a different version of SAML? VendorA uses SAML 1.0 and VendorB uses SAML 2.0. Can we have an intermediary that interprets the assertions based on the SAML version? ...

Why is using a certificate, made with the MakeCert tool, in production bad?

I'm currently working on a project where I've created a CA cert and a couple of child certs to that CA cert. The certificates are going to be used to protect inter-server communication in a SAMLV2 setup so I'm going to have a cert for the identity provider and a cert for the service provider. The user/browser isn't going to validate the ...

Are attributes allowed in a SAML authentication request?

Is it possible to send attributes in a SAML authentication request? <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2004-12-05T09:21:59Z" AssertionConsumerServiceIndex="0" A...

WCF Interop with Axis2 using WS-Trust

We are trying to get WCF and Java talking to each other using SAML tokens issued from an STS. Despite the fact that both sides are compliant with the standards, WS-Security, WS-Trust, WS-Policy, etc., they don't seem to talk to each other and one or the other will throw cryptic exceptions or ignore security headers. We are using .NET 3....

How to implement SAML SSO

How is SAML SSO typically implemented? I've read this about using SAML with Google Apps, and the Wikipedia entry on SAML. The Wikipedia entry talks about responding with forms containing details of the SAMLRequest and SAMLResponse. Does this mean that the user has to physically submit the form in order to proceed with the single sign o...

What is SAML?

I saw an interesting blank page today titled "saml post profile intersite transit." What is SAML? What was it created for? What is it commonly used for? What was the page I mentioned above all about? What functions does it provide that it's rarely used for but are otherwise interesting? Is there something better or other technology tha...

Designing an XACML API

Currently, the XACML specification defines a protocol for request / response but leaves it up to interpretation as to how it can be integrated into an enterprise application. I believe that the value of XACML won't be realized unless there is the creation of a new open source project that attempts to develop/standardize around a set of c...

Convenient applications for Browser/POST and Browser/Artifact SAML profiles

I'm proposing the use of SAML 1.1 as technology to prove Web SSO in a customer environment, and they asked me something interesting: Which scenario Browser/POST profile is appropriate, and which scenarios Browser/Artifact profile of SAML is appropriate? In fact, SAML 1.1 Specifications don't talk about the best neither most appropriate...

SAML Assertion consumer Service (ACS) - Suggestions on implementation

We are looking at providing SSO for a partner company so that they can access our website without separately logging in. The partner company already has an SSO implementation within their intranet as well as other partners. We only need to be able to receive the SAML tokens and confirm that they are valid (either Browser/Post or Browser/A...

Use gmail domain account with IMAP authentication with SAML authentication not working...

I have a Python script that interfaces Gmail accounts and allows searches, etc. This works on normal emails (ending on @gmail.com) but not on domain accounts. In this case authentication is done via SAML, and IMAP is enabled on the Gmail domain account... The instructions from Google on how to configure IMAP only seem to work for @gmail...