saml

Can I use SAML in a Flash app

I have a WCF service that uses SAML for authentication/authorization. Now we want to use this WCF service from a Flash application, but is this possible? We already have an Identity provider that can provide a SAML token using a REST endpoint. The question is how we can send the SAML token to the WCF service, and as a bonus can we use the ...

Add custom header into Security element with WCF

Can I add and read a custom header in the Envelope/Header/Security element? I tried using the MessageHeader attribute, but that does not allow me to put the header in the Security element. I created a class that implements IClientMessageInspector thinking that I could access the Security header like so: public object BeforeSendRequest...

XML signature validation against remote certificate, with PHP

I'm working on a project where I need to validate an embedded signature in an XML file (SAML assertion) against a public key located on a remote server. Has anyone done this in PHP? ...

What's the easiest way to test a .NET SAML client?

I will soon need to add SSO to an ASP.NET app using SAML. The client will not provide access to their Shibboleth identity provider for testing, so I'll need to verify that SSO works myself. What would be the easiest method to use/set up a SAML identity provider for testing? I'm not keen on having to set up an infrastructure myself if I ...

Example of a SAML LoginModule for JAAS

Has anyone had any experience creating a JAAS LoginModule that uses SAML to authenticate and authorize a user? As I understand JAAS, this would likely require a custom CallbackHandler that understands and can parse a SAML message. In my case, the authorization is defined as a set of roles in a database, but like your typical Database Lo...

Is it possible to override the cookie duration for specific subdirectories when using Windows Identity Foundation? (WIF)

I'm considering using IE8 Slices with my website and need to provide some kind of authentication. If you don't know what webslices are, check this link out: http://blogs.msdn.com/b/ie/archive/2009/03/11/web-slice-and-feed-authentication-developer-guidelines.aspx I'd like to know if it's possible to override the cookie duration when us...

Getting started with SAML2.0

Hello, I'm attempting my first SSO integration using SAML 2.0. I've been using: http://www.codeproject.com/KB/aspnet/DotNetSamlPost.aspx?msg=3562384 as an example for myself. Presently I'm just trying to successfully post to their url. The site we're connecting to is quite large and uses a solution from ping-identity to manage their ...

What's the difference between WS-Trust, OpenID, and SAML Passive?

Seems that Microsoft ADFSv2 supports WS-Trust, and SAML Passive, but the WIF stack it's built upon doesn't support SAML. What is the difference between WS-Trust and SAML-P? Do they share the same security vulnerabilities, if so what are they? Note: There is a similar, but different question here: SAML vs OAuth ...

How do I add an unsigned SAML token/assertion to a WCF client using a custom binding?

I'm using SAML 2.0 and have figured out how to add my token to the soap header when using transport security (https) - see this post, but now I need to do this over http without the digital signature on the SAML token. When I use this binding: private static System.ServiceModel.Channels.Binding BuildCustomBindingPIX_SAML() { ...

Using PingFederate, SAMLResponse is not sent to ACS URL appearing in SAMLRequest (authnRequest)

I am using PingFederate for SSO. My application is acting as SP and I am trying SP initiated SSO. I am sending SAMLRequest to PingFederate, which is signed. But it is not sending SAMLResponse to ACS URL mentioned in the SAMLRequest (authnRequest). Can you help me with settings, so that the default assertion Consumer URL is not picked up ...

How can I imitate Stack Overflow's SSO? Particularly where it federates with serverfault.com?

How does Stack Overflow's SSO work? ... whatever it is they are doing it seems to work for all sites in the network. I'd like to learn what Stack is doing so I can see if it's possible to get a similar registration scheme between http://perfmon.com and http://eventvwr.com under ADFS. I understand that SAML and OpenID are different an...

SAML for SharePoint 2010 Authentication

Is it possible to authenticate a user in SharePoint 2010 using a SAML Token provided by a third party? Most of the examples of SSO configuration for SP2010 assume that you are going to use Active Directory as your user repository. I do not want to set up ADFS, since all of my users are actually out on a SAML compatible Jasig CAS server....

Unsigned SAML 2.0 Support for WCF on .Net 4.0

Hi All, Can someone please let me know if unsigned SAML 2.0 or 1.1 is natively supported on WCF .Net 4.0. I know that Signed SAML 1.1 is natively supported on WCF and SAML 2.0 is natively supported on WIF but I am not able to find any material regarding unsigned SAML. ...

How to create ASP.NET SP web app supporting SP-Initiated SSO using SAML 2.0

I wish to create an ASP.NET web application project using Visual Studio 2010 that will act as a Service Provider in the SAML 2.0 realm. (supporting SP-initiated SSO) I need this web app to send SAML request and respond to SAML response from external IDP using SAML 2.0 protocol. I read many posts about the WIF and ADFS 2.0 supporting SAML ...

WSSecurityTokenSerializer ReadToken method performance

I have a Dispatch MessageInspector which is deserializing a SAML Token contained in the SOAP message header. To do the deserialization I am using a variation of the following code: List<SecurityToken> tokens = new List<SecurityToken>(); tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate())); SecurityTokenResolver outO...

Help required with SAML 2.0 and ADFS 2.0!

While trying to learn the ADFS 2.0 environment, I created an empty ASP.NET Claims aware application to be the RP using Visual Studio 2010. Using ADFS 2.0 I did the following: Created a SAML 2.0 relying party using the 'Add Relying Party Trust...' wizard Created a SAML 2.0 Claim Provider using the 'Add Claims Provider Trust...' wizard ...

Signature Validation issues using OpenSAML & OpenSSO

Hi All, We are using OpenSAML on the Service Provider Site to provide SSO for our clients. Our client (ID Provider) is using OpenSSO on their end. The SAML Response being posted by OpenSSO is a little different when it comes to the signature element in that it is not qualified by the namespace. This doesn't seem to go down well with Op...

How to Validate a SAML Token

The scenario I'm trying to support is this: A client website is redirecting to my website using a single sign on from their site. The client side has a STS that generates a SAML token for the authenticated user that gets passed to my website. My question is what is the simplest and best way to validate this SAML token passed to my website?...

SAML 2.0 test ID provider

Hi, I want to make my Spring web-application able to authenticate based on a SAML 2.0 ID provider. The application won't itself be an ID provider, just a consumer. Where can I get a SAML 2.0 ID provider that I can use to test my implementation with? Any that I can install locally, or are there any hosted ID providers I can integrate agai...

Generating SignatureValue using HMAC-SHA1 in XML...

The signature method is HMAC-SHA1, and I already have <SignedInfo> generated. The problem is that I am not sure what to use as the key in the HMAC calculation. I noticed that there are two <Entropy> with enclosing <BinarySecret> from the initial request (RST) and response (RSTR). I read from WS-Trust that this indicates that I could ge...