I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support. I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That al...
We are considering spring-ws as the platform for implementing web services that will be deployed on weblogic. We need to use WS-Security with SAML tokens issued by our identity management platform (TFIM). The Spring-ws documentation for XwsSecurityInterceptor does not mention SAML, and it is not clear to me if would work in this contex...
I'm implementing a SAML 2.0 Service Provider and need to install a SAML 2.0 Identity Provider for testing. Given this need, the Identity Provider should ideally be free (or have a trial period) and be easy to set up and configure. I'm looking for basic single sign on and single log out functionality. I've tried Sun Opensso Enterprise. ...
I need to create a some SAML 2.0 assertions, and I'm having trouble finding what the XML should really look like. Most of the documentation seems to be about using particular tools, not about the messages. I've got the schemas, with a plethora of possibilities, but I can't find an example of what the relevant messages actually look like...
We are being tasked to hook up SAML 2.0 SSO in our application. We are a Microsoft shop running dot net framework 2.5. I have identified a couple of toolkits and I was wondering if anyone has had any experience with either. They are NetXtreme SAML from SAFABYTE and the ComponentSpace SAML 2.0 toolkit. Candid responses are appreciated!...
Can anyone recommend libraries for generating SAML assertions for a federated sign-on implementation in .NET. It would be ideal if it was integrated with the ASP.NET membership API. ...
I've possible got to implement SAML for a couple of sites we have and I was wondering if this kind of requirement can be implemented in infrastructure technologies like Active Directory or do I have to implement the solution in application code? Cheers Ollie ...
Can someone please point me in the direction of an example creating a SamlAssertion that includes an AudienceRestriction in the Conditions node? below is an example of my code where I would want to put it: //Create the SAML Assertion SamlAssertion samlAssert = new SamlAssertion(); samlAssert.AssertionId = Convert.ToBase64String(encodin...
How can i validate in .Net C# a SAML signature created in Java? Here is the SAML Signature that i get from Java: <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:CanonicalizationMethod> <ds...
I know AuthnContext is an optional part of the SAMLResponse. Confusion prevails over the 'correct' use of saml:AuthnContextClassRef in the SAMLResponse. Based on our user authentication, it should always be 'PasswordProtectedTransport' since we donot have any other authentication mechanisms.But there might be some service provider's wit...
I order to set up SSO and function as Service Provider with my Identity Provider I need to specify which certificate I want to use for signing and encrypting in the exchanged metadata XML file. But how do I create the encrypted and encoded representation (like below) of my certificate so it can be put into the XML. What process do I need...
Hello All, I have to write an xml file using python standard modules (not using elementtree, lxml etc) The metadata is a SAML identity provider metadata and is of the form - <?xml version="1.0"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://w...
I have a rails app that is currently an affiliate site with my customer's SSO Identity Provider. Currently it uses the CA SiteMinder Affiliate Agent, which is an apache module. The underlying SSO architecture is abstracted away and my Rails app only has to parse and HTTP Header to receive the values from my customer's Identity Server. ...
Hi, I have to implement SSO with SAML for my company's website (as the relying party). An essential part off course is the verification of the signature. Here is the signature part of a sample SAML from our partner company (asserting party): <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo xmlns:ds="http:...
Hi, I am working on providing a SSO solution to a customer who acts as an identity provider. He already has Siteminder on his side to generate SAML 1.1 assertions with user id and timestamp as parameters. Our task is to accept this assertion which is signed, decrypt it and send it to the authenticator we already have. The authenticator ...
I want to implement SSO with SAML tokens in JBossAS. The scenario is as follows. I have 2 applications app1 and app2 running on 2 JBoss instances. Login into app1 and enter username / password using form based auth. Once login, click on the link that should be redirected to the app2 page. This should use SSO with SAML tokens on JBoss...
I'm looking for a very easy and quick way to generate some SAML assertions. This is only going to be used for testing (using SOAP UI). So I just need something that can generate a valid assertion, signed or unsigned, that I can then drop into SOAPUI and send off to my Web Service. I know how to add the assertion to the SOAP message and a...
I have a Drupal site I am standing up for a client. I've been asked to use Single Sign on using SAML2 (where I would be the service provider and my client would be the identity provider). The best thing I have found so far has been either SimpleSAMLPHP https://ow.feide.no/simplesamlphp:drupal or Shibboleth -- http://drupal.org/proje...
The official Web Agents user documentation does not state what version of SAML is supported. I am trying to integrate this with a Policy Server that is not running Sun's OpenSSO policy server, so my only requirement is to support SAML 2.0. Has anyone had experience with this type of setup? ...
I have implemented a SAML Service Provider to support Single Sign On for an ASP.Net web portal, which is a shrink-wrap software configured on clients' sites and must be able to interact with any SAML-compliant Identity Provider. My Assertion Consumer Service (ACS) page will accept the SAML Response through both GET and POST methods. As...