I've got a Java Bluemix application configured with the SSO Service connected with a SAML 2.0 and a Cloud Directory. I'm having problems to accomplish a successful logout.
Do you know what's the correct procedure to accomplish a SSO logout from a link in my application ?
Thanks
You could simply destroy the session and make expire all the cookie on your application domain
Related
I am trying to setup SSO with third party IDPs in Google Workspace admin console.
I am using SAP IAS as an IDP.
It works with the default configuration.
But if i mark the the SAML requests to IDP must be signed in SAP IAS then it fails saying "SAML requests are not signed ".
It seems Google as a service provider does not sign the requests ? is it a correct understanding or is there a way to enable signing of SAML requests in Google workspace admin console ?
Best Regards,
Saurav
When you use Google Workspace as Service Provider with a third-party IdP requests are not signed by default and I am afraid that setting is not available in Google's side at the moment.
I assume by signing both the request and response of your SSO flow you are looking to grant extra security to this process however if you really need to use Google services and the authentication is successful without the setting I would recommend to skip this for now.
Neither in the documentation nor in the Google Admin console section for third-party IdPs SSO you would find it, the setting is simply not there:
Google as Service Provider setup
I hope this information helps!
I have a Java app running under Websphere Liberty on IBM Bluemix. I need to be able to authenticate users 3 different ways - Basic Auth, SAML SSO, and OpenAuth SSO, in that order.
I can set up the app to do Basic Auth (using custom code) or SAML SSO (using the Bluemix Single Sign On service), but can't figure out a way to configure it to handle both at once. (I haven't even looked into how to do OpenAuth yet.) If I configure the app to use the Bluemix SSO service, then my app never sees the incoming requests to check for a userid and password to try Basic Auth before the SSO service grabs it.
I tried changing the redirect URL in the SSO service to an endpoint inside my app, but then all I get is
CWOAU0062E: The OAuth service provider could not redirect the request because the redirect URI was not valid. Contact your system administrator to resolve the problem.
I can't be the only one that needs to do this. Can anyone tell me how they did it?
In our ASP.Net project, I am using 'Kentor.AuthServices.HTTPModule' and have configured ADFS. We need to implement the logout functionality. we found the code
"~/AuthServices/Logout?ReturnUrl=" + Uri.EscapeDataString(Page.ResolveUrl("~/?Status=LoggedOut")) from the samples. But when we implement in our code it does not work as expected.
(we believe the session cookies are not clearing).
On logout we need to redirect to ADFS login page.
We configured the SAML logout endpoints in ADFS and there is no encryption certificate installed.
What could be the reason for this issue?
Please find the ADFS Bindings
Image
Thanks
We are starting a project for SSO and using wso2 to do all SAML , OAuth and keep our Webapplications as service providers.
I have been through the online documentation but need some help .
When user tries to Access to any resource in our webapplication i would send user to wso2 to get Authenticated in case of OAuth /openid connect , how would i form this url ?
I have configured IDP and SP in WSO2 console, after authentication how does WSO2 give credentials of authenticated users to service provider , i see as per document or sample app , this should be SAML or any other sso protocols like oauth etc. documentation is not clear or any examples i can find
i want to redirect the user after OAuth or SAML with my own created Authn cookie , what is the provision for that .
any help would be appreciated
Yes, You can configure your application as service providers and wso2 IS as Identity provider.I guess, You can implement saml sso for your scenario and its simply documented here.There is another blog which describe the same configuration
You can download travelocity sample code and war file .Analysing the code you can get some idea about implementation.
By following above blogs, You can implement the complete SSO flow.
Q. > When user tries to Access to any resource in our webapplication i would send user to wso2 to get Authenticated in case of OAuth /openid connect , how would i form this url ?
Answer :
https://localhost:9443/oauth2/authorize?response_type=code&client_id=wCmphfs69oaN3JhqO3d9FFgsNCMa&scope=openid&redirect_uri=http://localhost:8080/Samplespapp/googleauth.jsp
client_id : is that if which we get on UI oof wso2 console after we finish configuring Service provider in my case i configured Inbound Authentication Configuration as OAuth open id .
redirect_uri is the url where we want to go after authentication , this should match callbackback url in View/Update application settings
Answer 2: I still dont see any valid reason why inbound authentication has to be sso protocol but this is how wso2 works , to put it in laymans term i have a client to connect to using SAML and Other OAuth . i opt for a SSO vendor who takes that headache from me to implement SSO protocols but i Still have to implement atleast one SSO protocol as after SSO handshake wso2 has to communicate userX with role as Admin to service provider app this is done again using SSO !!
ping federate makes it simple it makes an encrypted request header that had data in key value pair. may be i am not understanding but i dont like this inbound Authentication in SSO .
Q. 3.>i want to redirect the user after OAuth or SAML with my own created Authn cookie , what is the provision for that
documentation is poor in this area just some java classes but no end to end example , every one will point to travelocity .
I want to implement SSO with SAML tokens in JBossAS.
The scenario is as follows.
I have 2 applications app1 and app2 running on 2 JBoss instances.
Login into app1 and enter username / password using form based auth.
Once login, click on the link that should be redirected to the app2 page.
This should use SSO with SAML tokens on JBossAS for authentication and authorization of users.
Can anyone let me know how to do this?
I just now found your question and noticed it is still not answered.
You can take a look at JBoss picketlink. Said page describes the federation support in JBoss 5+ and Tomcat 5.5+.
Supported protocols are SAML2, WS-Trust and Open ID.
Since SAML2 users Assertion after authentication, using pure SAML2 on both apps would require you to register both apps as Service Providers - I believe.
I did a workaround using JBoss/Tomcat SSO valves: My (Seam) app 1 uses SAML2 for authentication and my other apps simply reuses that Principal (username, roles) created in the first app. I believe this corresponds to your situation. Log in at app 1, security constraint in app2, no log in in app2.
I had to create a custom valve to achieve this
https://github.com/jensaug/jbossweb-customsso
/Jens