saml

SPs exchanging attributes in a Federation

On a SAML v2 Federation, is it possible for the SPs to exchange attributes when the federation is based on the use of Pseudonym Identifiers? Should the SP that holds the attribute function as an IdP? In that case, should there be a transient linking of accounts between SP1 & SP2? ...

What do I need to know about XML Signatures to get SAML working?

At work we have a web app that we'll need to interface with another company's web app using Single Sign On validated by SAML. Our web apps are written in PHP, and it's obviously irrelevant what language choice the other company is using. Nonetheless, I've needed to write a simple API that this other company can send SOAP requests to with...

SAML 2.0 assertion response URL for Ping Federate 6.1 service provider

A supplier uses Ping Federate for SAML-based single sign-on. I've got some custom SAML 2.0 code which implements a rudimentary identity provider. I'm doing IDP-initiated SSO with URL and HTTP Post. The PF service provider is at https://domain/sp/startSSO.ping. What URL should I be posting my response (assertion) to on the PF server? I t...

SAML - How to process a request?

Hello. I'm a complete newbie at SAML... My question is simple: upon a SAML request, what do IdPs usually do? I guess they first parse the XML... and then? Can anybody describe the steps to me? I mean the common steps that every IdP has to do at least. Thanks. ...

Getting Started with SAML and PHP

I'm beginning work on adding SAML SSO support to a project and am looking for any helpful resources specifically geared towards PHP. I understand the basic concepts and have poked around for any libraries that could help but have come up empty. The only thing I've found is simpleSAMLphp which appears to be an entire stack. Any tips for ...

How long should a SAML Token be valid

Does anybody have advice on how long a SAML Token should be valid (in a SOA infrastructure)? I thought of several (6-12) hours. Many thanks, Markus ...

How to validate a SAML signature value

Hi, I have a customer who is sending a Security key. The encryption they are using is triple DES. Every Assertion they send has a signature value which needs to be validated to give them necessary privileges. Can you give me a sample code which does this? Thanks, King ...

Web SSO using Java and SAML 2.0

I'd like to write a web application which does authentication using SAML 2.0 tokens issued by an identity provider. I understand according to this question that there is a viable solution in the PHP world using simpleSAMLphp. Is there an equivalent method in the Java world? Are there out of the box solutions and/or tutorials for common ...

WIF (Windows Identity Foundation) with SAML 2.0

First some background: We were recently tasked to send a SAML 2.0 assertion to the server that we are communicating with. We are using WCF for our client. The server is not using WCF. The guys who implement the server, don't have an STS that will issue a SAML assertion. We are trying to use WIF framework because it supports SAML 2.0 tok...

How to Restrict a SAML 302 Redirect to an IFRAME?

Is it possible to load content within an IFRAME that subsequently returns a 302 redirect, without having it redirect the entire browser window to the destination? I.e. limit the redirect to the IFRAME itself? If so, how? EDIT1: To restate... i have an IFRAME, the source of which is a self-posting FORM. The action returns a 302 to somewh...

How to insert a SAML Assertion to SOAPHeader

NB-6.8, jdk-1.6.14, WSS4j-1.5.8, OpenSAML-2.3.0. I am trying to modify WSS4J-1.5.8 to operate SAML 2.0, and I could not insert a generated assertion into the existing SOAP Header. The code looks like this: Assertion assertion = createAssertion("some subject", "some issuer"); Document doc = docBuilder.parse("request.xml"); Element parent = doc.getD...

Securing WebLogic 8.1 web service using SAML

I have to secure a web service that runs on WebLogic 8.1. The requirement is to use SAML. I couldn't find information about whether it could be done without any code modifications, just with some configuration at the application or server level. Actually, if there are any Java APIs that I can use in my code, that is also an option. Could you please poi...

Weblogic 10.0: SAMLSignedObject.verify() failed to validate signature value

I've been having this problem for a while and it's driving me nuts. I'm trying to create a client (in C# .NET 2.0) that will use SAML 1.1 to sign on to a WebLogic 10.0 server (i.e., a Single Sign-On scenario, using browser/post profile). The client is on a WinXP machine and the WebLogic server is on a RHEL 5 box. I based my client larg...

Does ADFS 2.0 support the SAML 1.1 protocol and Web SSO profiles?

Does ADFS 2.0 support the SAML 1.1 protocol and Web SSO profiles as mentioned in this Wikipedia article, or are only SAML 1.1 tokens supported? ...

Changing user with federated security in WCF

I have been tasked with implementing user switching in a component that connects to a WCF service using federated security. I can use Tokenclaims.ReadClaim() to find out what username is currently logged on. How do I invalidate this token and force another logon? I have tried changing the username and password on the credentials, but ...

Axis2 and OpenSAML

I'm trying to add SAML assertions to a SOAP web service that is built on the axis2 engine. I'm having a little trouble wrapping my head around how the two would interact. Could someone help point me in the right direction to add a SAML assertion to a response message from Axis2? Thanks, Tom ...

How to convert SAML XML token string to either SecurityToken or ClaimsPrincipal instance?

My context: .Net RESTful web service Client (mixed platforms, technologies, lib capabilities) has obtained a SAML token Trying to accept the token for authentication/authorization in the REST service in HTTP Authorization / X-Authorization header as query parameter Will also support SWT later, but need to get SAML tokens going Deta...

SharePoint 2010 / ASP.Net Integration - Looking for advice

I have been Googling a problem that I have with trying to integrate the web application that I am working on with SharePoint 2010. The web application is a wiki style tool that allows users to log in via forms authentication or WIA against Active Directory and create content for themselves and others. What we would like to do is to al...

Glassfish OpenSSO instructions (where to download OpenSSO)?

According to the tutorial, I should go to OpenSSO and download an "express build". However, the download links on the OpenSSO site for the "Express Build 7" appear to require logging in via an account with a paid support contract. How can one currently download the OpenSSO wars? ...

Claims-based authentication for WCF RESTful services

Hi gang, I've been working through various samples to try and piece together a solution for SAML token-based authentication for ASP.Net web services and WCF RESTful web services... some of the samples I've been referencing: http://custombasicauth.codeplex.com/Wikipage http://www.leastprivilege.com/SecuringWCFDataServicesUsingWIF.aspx...