I'm a newbie at SAML. My question is simple:
Upon a SAML request, what do IdPs usually do?
I guess they first parse the XML — and then? Can anybody describe the steps? I mean the common steps, that every IdP has to do at the very least.
The wikipedia article on this actually contains a lot of the information you need:
http://en.wikipedia.org/wiki/SAML_2.0
Look at the example SAML 2.0 Auth Request and Response plus the list of steps involved. The simplest method is the "SP POST Request IdP POST Response" so start with that. It's not the only option for deploying SAML 2.0, there's others also described there as well. Hope that helps.
I'm in the process of consuming the SAML POST request using Java.
Here I need to construct a SAML request and send it to the SAML SSO server. I'm not sure how we can achieve it using Java, as I checked with the HttpPost client and related stuff, but I didn't get any success with it.
Can anyone guide me on how I can consume a SAML-based SSO request using Java?
Thanks,
Kuldeep
You would need to read the SAMLResponse from the body of the HTTP POST request, like you'd read any other value sent in a form, and then use appropriate libraries like XMLBeans to parse and read the value of the XML.
The value comes base64-encoded, so first you will decode it, then parse the XML, then verify the XML signature (if required), and then use the values.
One example is given here: https://github.com/oaeproject/SAMLParser/blob/master/src/main/java/org/sakaiproject/SAMLParser/SAMLParser.java
I would recommend understanding how SAML 2.0 works before implementing it; I found the Wikipedia article for that quite helpful: https://en.wikipedia.org/wiki/SAML_2.0
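The steps in that answer (read the form field, base64-decode, parse, verify the signature, then use the values) as one worked example in plain JDK APIs. This is an added example, not code from the original answer or from the linked SAMLParser project. It assumes the IdP signs the Assertion element (not only the outer Response), that the assertion is not encrypted, and that the IdP's signing certificate was obtained out of band from its metadata; the class name SamlResponseConsumer and the helper names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Hypothetical SP-side consumer for a SAML 2.0 Response received via the HTTP POST binding (JDK only). */
public class SamlResponseConsumer {

    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SAML_NS  = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SUCCESS  = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // samlResponseField: the "SAMLResponse" form field exactly as read from the POST body.
    // idpSigningCertPem: the IdP signing certificate (PEM) taken from its metadata out of band;
    // a certificate embedded in the message's own KeyInfo is never trusted.
    // Returns the subject's NameID once every check below has passed.
    public static String consume(String samlResponseField, String idpSigningCertPem) throws Exception {
        // Step 1: the form field is base64; decode it back to the XML bytes.
        byte[] xml = Base64.getMimeDecoder().decode(samlResponseField);

        // Step 2: parse with a hardened, namespace-aware parser. XML-DSig needs namespace awareness;
        // refusing DOCTYPE and entity expansion blocks XXE and entity-expansion attacks on the parser.
        Document doc = hardenedBuilder().parse(new ByteArrayInputStream(xml));
        Element response = doc.getDocumentElement();
        require(SAMLP_NS.equals(response.getNamespaceURI()) && "Response".equals(response.getLocalName()),
                "root element is not samlp:Response");

        // Step 3: check the protocol status before looking at any assertion.
        NodeList codes = response.getElementsByTagNameNS(SAMLP_NS, "StatusCode");
        require(codes.getLength() > 0 && SUCCESS.equals(((Element) codes.item(0)).getAttribute("Value")),
                "IdP did not report Success");

        // Step 4: verify the assertion signature. Without a schema the parser does not know that "ID"
        // is an ID-typed attribute, so register it or the Reference URI="#..." cannot be resolved.
        markIdAttributes(doc, SAMLP_NS, "Response");
        markIdAttributes(doc, SAML_NS, "Assertion");
        Element assertion = directChild(response, SAML_NS, "Assertion");
        require(assertion != null, "no plaintext saml:Assertion (encrypted assertions not handled here)");
        Element sigElem = directChild(assertion, XMLSignature.XMLNS, "Signature");
        require(sigElem != null, "assertion is not signed");

        X509Certificate idpCert = loadCert(idpSigningCertPem);
        DOMValidateContext ctx = new DOMValidateContext(idpCert.getPublicKey(), sigElem);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        require(sig.validate(ctx), "XML signature is invalid");

        // The signature must cover exactly the assertion we read from; otherwise a validly signed
        // assertion could be paired with an unsigned one that carries the attacker's values.
        List<?> refs = sig.getSignedInfo().getReferences();
        String expectedUri = "#" + assertion.getAttribute("ID");
        require(refs.size() == 1 && expectedUri.equals(((Reference) refs.get(0)).getURI()),
                "signature does not cover this assertion");

        // Step 5: only now use the values.
        Element subject = directChild(assertion, SAML_NS, "Subject");
        Element nameId = subject == null ? null : directChild(subject, SAML_NS, "NameID");
        require(nameId != null, "assertion has no Subject/NameID");
        return nameId.getTextContent().trim();
    }

    private static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    private static X509Certificate loadCert(String pem) throws Exception {
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    private static void markIdAttributes(Document doc, String ns, String local) {
        NodeList nl = doc.getElementsByTagNameNS(ns, local);
        for (int i = 0; i < nl.getLength(); i++) {
            Element e = (Element) nl.item(i);
            if (e.hasAttribute("ID")) e.setIdAttribute("ID", true);
        }
    }

    private static Element directChild(Element parent, String ns, String local) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && ns.equals(n.getNamespaceURI())
                    && local.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }

    private static void require(boolean ok, String msg) {
        if (!ok) throw new SecurityException(msg);
    }
}
```

Call `SamlResponseConsumer.consume(request.getParameter("SAMLResponse"), idpCertPem)` from the servlet that receives the POST. Two design points matter here: the validating key comes from the pinned IdP certificate rather than from the message, and the signature is checked to cover the very Assertion element the NameID is read from. Before treating the returned NameID as a login, the standard SAML 2.0 checks still apply: Conditions (NotBefore/NotOnOrAfter with a small clock skew), AudienceRestriction against your SP entityID, InResponseTo against the AuthnRequest ID you issued, the Destination attribute against your ACS URL, and a replay cache of assertion IDs.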
Seeing lots of un-answered Docusign questions, but I'll take the chance anyway.
I see lots of examples of how you can use the returnURL parameter using the Docusign REST api in order to redirect a user to a custom URL upon completion of signing. For example: How to redirect to back after signing completion in docuSign
Nowhere can I find a similar setting when using the DocuSign SOAP API. Perhaps someone out in the Stack universe knows more? Maybe someone is a better googler than I?
It will always be found in the RequestToken, whether it's for sender, recipient, correct, etc. Info here
In my current work, I have to develop an internal REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great, is easy to use, has high performance, and corresponds to the Fielding REST spec.
There is only one point that I don't really know how to overcome: the security problem.
Again, I documented myself, and I wanted to use OAuth 2.0 in my engine.
The problem is that I don't understand at all how to use this protocol.
I don't understand how the consumer can connect and be recognized by the server.
I don't understand if I have to provide an API key to my consumer (like Facebook, Twitter and Google do) or if a token will automatically be generated if I send a login / password to the server.
I don't know if I have to create my own OAuth 2.0 server that provides keys, or if OAuth 2.0 libraries are sufficient to provide security.
In fact, I don't understand OAuth 2.0 at all, and I need to learn. The problem is, every piece of documentation that I try to read is like Chinese to me; I didn't find an easy one, step by step, that would help me with this.
That's why I post here: can you help me understand a bit more about OAuth 2.0 and secured authentication for an API?
I deliberately didn't speak about the technologies, because I want to understand OAuth 2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three-legged version. That is when you have a user, a data-providing service and a consuming service, let's say a service that will create physical copies of your Flickr photos. In this case the OAuth flow allows the user to tell Flickr that the third party can access their data. This is not the scenario you are after; you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer. I studied OAuth2 a bit more and tried to implement it with 3 strategies: basic, clientPassword, bearer.
I created a new thread for another problem, if you want to take part in it:
OAuth2 server creation with nodejs
I'm trying to use wso2 as SAML2 IdP and I need to extract the IdP metadata.
Do you know how I can do it?
Posting the answer since somebody else will be looking for it.
WSO2 IS at the moment does not have the capability to auto generate the metadata file.
But you can use the metadata file here which is prepared following the standards.
Have you tried the url: https://localhost:9443/samlsso
This blog post seems to describe what you are trying to achieve: link
I've been navigating and toying with features of NetSuite, and one feature that came across was SAML single sign-on. I cannot understand how it works or even get it working.
I've read the numerous SAML documents on SuiteAnswers; however, they leave me puzzled.
Does anyone have a working NetSuite SAML code example or documentation?
A hurl.it would suffice also!
Thanks in advance
I don't have a specific SAML snippet, but IIRC SSO needs to be enabled/provisioned. Kindly navigate to Setup, Company, View Billing Information. There must be users provisioned towards the bottom under: Two Factor Authentication Users (should show Provisioned Quantity and Used Quantity). I believe there is also a place on Role Permissions where a Role can be defined as Single Sign On ONLY, but I don't think that is what you are asking.
Like I said, I have no snippet; however, on the SuiteAnswers site, they give a reference link that has a PDF that shows a sample for you. The PDF itself is located here: https://system.netsuite.com/core/media/media.nl?id=7490306&c=NLCORP&h=cd5c1c4877483ebab26b&_xt=.pdf
I've made an offline, non-secured HTTP version here, stored in Dropbox: https://www.dropbox.com/s/ohiu6f308szu6rd/SAML_Setup_ADFS_Netsuite.pdf