Well, let me explain a bit further then. (All URLs are fictional!) As I said, the visitor goes to http://www.yourwebpage.com and indicates he wants to log in. He is redirected to http://your.loginpage.org?return=http://www.yourwebpage.com/Authenticated where he will have to provide his username and password. When his account information is valid, he will return to the page that … Read more
The way this works is that, after authenticating the user, the SAML identity provider (IdP) renders a form to the browser containing the SAML response – the form’s ‘action’ (i.e. target) is the service provider (SP). In the HTML, there is a JavaScript onLoad event that submits the form, so the net effect is that … Read more
You’ll be using the APIs of the respective services (Google, Facebook, Twitter) or may be OpenID if you plan to add that as well. Some links: http://code.google.com/apis/accounts/docs/OpenID.html https://developers.facebook.com/docs/authentication/ http://dev.twitter.com/pages/auth http://openid.net/add-openid/ Also take a look here. There are several similar questions already present on SO, check the related questions on the right.
There are several options. If you really mean LDAP, as opposed to just Active Directory, I would probably look at using System.DirectoryServices.Protocols to perform an LDAP bind using the supplied credentials via a secure channel. Strictly, this isn’t Single Sign-On. SSO means only having to submit your creds once when you first log on. This … Read more
Typical SSO with SAML is something called Web SSO Profile. There are many products supporting this on the market for example OpenAM, Shibboleth, OpenSAML and Oracle Identity Federation. The specific configuration is dependant on what product you choose to use. A working example of OpenSAML that I use in my book is availible here. On … Read more
I found a solution which does not require the scripts extension or any changes on the flow. The key for this solution are the Client Scopes. An application which wants to to authorize a user needs a scope like email or uid, right? What if you only pass them to an application if a user … Read more
Most of the time, a redirect is okay even for SPA because users don’t like to put their X service credentials on any other website than X. An alternative will be to use an small popup window, you can check what Discourse does. IMHO a redirect is better than a popup. Google Some providers support … Read more
UPDATE: Samling is live again at https://fujifish.github.io/samling/samling.html Samling is a serverless SAML IdP for the purpose if testing any SAML SP endpoint. It supports AuthnRequest and LogoutRequest. It runs solely in the browser to simulate SAML responses returned from a SAML IdP – no registration, no servers, just a browser. You can control many aspects … Read more