saml
What to present at SAML EntityID URL?
The requirement is that the EntityId is a URI (not URL, in this case the difference between URIs and URLs is important). See “8.3.6 Entity Identifier” in the SAML2 Core spec. From SAML 2.0 Specification: 8.3.6 Entity Identifier URI: urn:oasis:names:tc:SAML:2.0:nameid-format:entity Indicates that the content of the element is the identifier of an entity that …
Can you recommend a SAML 2.0 Identity Provider for test? [closed]
What problems are you having configuring OpenSSO? I found OpenSSO to be the easiest setup! My notes on getting the basic IDP up and running are below – hopefully they help you get up and running. Michael I’ve found that the best (i.e. most painless) way is… Use Glassfish – this is a well supported …
Working with SAML 2.0 in C# .NET 4.5
.NET 4.5 has WIF (Windows Identity Foundation) built into it. This now supports SAML 2.0. To make use of SAML 2.0, just use .NET 4.5. The class name is Saml2XXXX (where XXXX is the token, assertion, serializer etc.) Here is a link to SAML 2.0 Assertion: http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2.saml2assertion.aspx This will create a SAML 2.0 Assertion object. …
How to implement SAML SSO [closed]
The way this works is that, after authenticating the user, the SAML identity provider (IdP) renders a form to the browser containing the SAML response – the form’s ‘action’ (i.e. target) is the service provider (SP). In the HTML, there is a JavaScript onLoad event that submits the form, so the net effect is that …
What is the purpose of a SAML Artifact?
Typically, the intent of the artifact binding is to reduce the flow of SAML messages through the browser itself. This could be due to browser restrictions (browsers that have limits on query string / POST payload size) or no support for JavaScript (for auto-submitted forms), or even to improve the security model of how the …
How can I restrict client access to only one group of users in keycloak?
I found a solution which does not require the scripts extension or any changes on the flow. The key for this solution are the Client Scopes. An application which wants to authorize a user needs a scope like email or uid, right? What if you only pass them to an application if a user …
SAML vs federated login with OAuth
They solve different problems. SAML is a set of standards that have been defined to share information about who a user is, what his set of attributes are, and give you a way to grant/deny access to something or even request authentication. OAuth is more about delegating access to something. You are basically allowing someone …
How to create public and private key with openssl?
You can generate a public-private keypair with the genrsa context (the last number is the keylength in bits): openssl genrsa -out keypair.pem 2048 To extract the public part, use the rsa context: openssl rsa -in keypair.pem -pubout -out publickey.crt Finally, convert the original keypair to PKCS#8 format with the pkcs8 context: openssl pkcs8 -topk8 -inform …
Service providers with SAML version 2 for SSO accessible to public? [closed]
UPDATE: Samling is live again at https://fujifish.github.io/samling/samling.html Samling is a serverless SAML IdP for the purpose of testing any SAML SP endpoint. It supports AuthnRequest and LogoutRequest. It runs solely in the browser to simulate SAML responses returned from a SAML IdP – no registration, no servers, just a browser. You can control many aspects …