saml

WCF, Rampart, ADFS2 and SAML Interop issue

Hi, I'm working on establishing interoperability between .NET WCF 3.5 and Axis2/Rampart using ADFS2 as the STS and using SAML authentication. Initially I used Axis 1.4.1/Rampart 1.4 but in an attempt to rule out issues relating to WS-* standards compatibility have also created a duplicate environment running Axis 1.5.1/Rampart 1.5. Both...

Generic Java SAML 2.0 token consumer API

I've already implemented a Java Servlet Filter that consumes tokens from a PingFederate (PF) server using the PF supplied Java API. This makes my application able to serve the Service Provider application in a PF SSO setup. PingFederate's API allows me to do simple things like this: Agent agent = new Agent("agent-config.txt"); Mu...

Attributes of attributevalue element in SAML 2 Attribute Statement

I am building a web service that receives a SAML attribute query and responds with an attribute statement. I know I can return one or multiple values of a SAML attribute. I have some values that are dependent on the other attribute values. I need to show that relationship. Let us say, the query is for the Subject Dave and the return valu...

SAML vs federated login with OAuth

What's the difference between SAML and federated login with OAuth? Which solution makes more sense, if a company wants to use a third-party webapp, but also wants single sign-on and be the authentication authority? ...

SAML Authentication for a .NET Application

It should be possible to use SAML to authenticate users for any type of application (according to the spec), but the examples I have seen are cookie-based ASP.NET web-sites. Does anyone know of an example authenticating users for, say, a Win Forms app (not using cookies)? ...

WCF service consuming passively issued SAML token

What is the best way to pass an existing SAML token from a website already authenticated via a passive STS? We have built an Identity Provider which is issuing passive claims to the website for authentication. We have this working. Now we would like to add some WCF services into the mix - calling them from the context of the already a...

Java Client interoperating with WSE 3.0 Web Service

I have an Interoperable Security Token Service (STS) that authenticates the User and then issues a SAML token. I also have transaction services that expect the SAML token in the incoming SOAP request header. For a client to make a call to transaction service, it first needs to authenticate with the STS, get the SAML token and then make ...

How do I implement SAML 2.0 in a WCF Client?

I need to implement SAML 2.0 for a WCF client that is talking to a Java web service (Glassfish). I know very little about SAML, and after a bit of searching here (and elsewhere) I do not find much about how to implement with WCF. Since WCF abstracts you away from the SOAP layer, how can I add SAML assertions to the SOAP header? Will a ...

In a WCF Client How Can I add SAML 2.0 assertion to SOAP Header?

I'm trying to add the saml 2.0 assertion node from the soap header example below - I came across the samlassertion type in the .net framework but that looks like it is only for saml 1.1. <S:Header> <To xmlns="http://www.w3.org/2005/08/addressing">https://rs1.greenwaymedical.com:8181/CONNECTGateway/EntityService/NhincProxyXDRReq...

Canonicalizing XML in Ruby

I'm working on a SAML gateway using Ruby/Rails and I'm attempting to write some code that validates the xml digital signature of the incoming SAML response against the x509 cert of the originating service. My problem: the signature depends on a canonicalized version of the XML that is hashed and then signed and I'm having trouble findin...

SAML Identity Provider based on Active Directory

I have a 3rd party program that supports web SSO using SAML 1.1 (it is ready to serve as the Service Provider, in other words). We would like to implement this SSO for our intranet users based on their Active Directory credentials. In other words, they've already logged on to their system, so let's simply use those credentials to fac...

ComponentSpace SAML v2.0 Component support

Hello experts, We require your expertise to help us with the following query. We want to know whether the ComponentSpace library SAML v2.0 supports Transform Algorithms with comments. We know that this is supported during the creation of the Assertion, and we would like to know if the consumption of SAML response is supported. TIA,...

Digital Signature on artifact

Hello, When using the "PULL" model, is the artifact sent to the user browser digitally signed? Because it looks like it is using SSL and thus is digitally signed. Thanks Joel ...

SharePoint 2010 API for adding new Trusted Identity Token Issuer

Does anyone know a SharePoint 2010 API for adding a new trusted identity token issuer (aka identity provider)? I can do this using the PS cmdlet New-SPTrustedIdentityTokenIssuer, but I need to do it from C# code. ...

Implementing a SAML client in Python

Hi, I'd like to integrate a web site written in Python (using Pylons) with an existing SAML based authentication service. From reading about SAML, I believe that the IdP (which already exists in this scenario) will send an XML document (via browser post) to the Service Provider (which I am implementing). The Service Provider will need...

OpenSSO SSOToken to SAML assertion and back

I'm considering securing a whole JEE software platform with OpenAM (prev. Sun OpenSSO). Applications - running on WebLogic AS - would be secured by a JEE Policy Agent and web services with WS-Security SAML Token Profile. To my understanding, the SSOTokenManager enables application code to retrieve OpenAM's SSO token. But in order to ...

Required signature on a SAML assertion

Is it required to sign a SAML token? It looks like the signature element is not required according to the schema. In lieu of signing the SAML token, we would require client certificates (two-way SSL) to verify that the consumer is a trusted consumer. Is this a viable option? ...

How to Load RSA Private Key From File

I am working on a test harness for a SAML 1.1 Assertion Consumer Service. The test must generate a signed SAMLResponse and submit it to the ACS encoded in Base64. The ACS must be able to verify the signed message using the X509 public cert. I am able to build the SAMLResponse, adding the necessary assertions, etc. But when I try to s...

Creating a custom STS-IP with WIF and why not

I have a need to implement an STS-IP server for our web applications and services. The server will need to issue SAML tokens for the following scenarios: Business partner submits their SAML token which is converted to a SAML token with the claims required for our applications. This token is used to access our Web Applications and Serv...

WCF Web Service and Data Service using SAML

I have WinForms and ASP.Net applications that need to access WCF Web and Data services using a SAML token. I've been looking at Windows Identity Foundation (WIF) to enable the WCF service to use SAML tokens from an STS-IP. On the client, do I make a call to the STS and get a SAML token, then pass the token to the WCF service? If so, h...