opensaml

HttpSession returned null object for SPRING_SECURITY_CONTEXT

99封情书 Submitted on 2019-12-30 04:37:08
Question: I'm trying to integrate the Spring SAML library in a sample web application, using Shibboleth as IdP. I'm able to load the login page, to log in and to show the index page. The problem is that when I click on other links the webapp redirects me to the login page, then the IdP recognizes me and redirects to the requested page (if the network is fast it's very difficult to see this). It's like I'm not logged in for Spring Security. I checked the log and I found this: org.springframework.security

What is the purpose of a SAML Artifact?

Deadly Submitted on 2019-12-28 11:44:15
Question: I've seen a bunch of flow charts on how it is passed around between Identity Provider (IdP), Service Provider (SP), and Browser via redirects. However it seems unnecessary to me right now, so I know I'm missing something. Can someone provide me a use case where a SAML Artifact is required (or very useful) compared to not using one? Thank you. Answer 1: Typically, the intent of the artifact binding is to reduce the flow of SAML messages through the browser itself. This could be due to browser

How to validate SAML assertion signatures

放肆的年华 Submitted on 2019-12-24 21:44:05
Question: How to validate SAML assertion signatures? for (Assertion assertion : samlResponse.getAssertions()) { try { if (assertion.getSignature() != null) { Optional<X509Certificate> x509Certificate = assertion.getSignature().getKeyInfo().getX509Datas() .stream() .findFirst() .map(x509Data -> x509Data.getX509Certificates() .stream() .findFirst() .orElse(null) ); if (x509Certificate.isPresent()) { BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(KeyInfoHelper
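The snippet in the question builds its verification credential from the certificate carried inside the assertion's own ds:KeyInfo. A signature that verifies against a key the sender chose proves only that the message is self-consistent, not that the IdP produced it: anyone can sign an arbitrary assertion with their own key and embed the matching certificate. The certificate to verify against has to be one the SP already trusts, taken from the IdP's metadata or a local keystore. The following added example (not the asker's code, and not part of the original page) shows that pattern with the OpenSAML 2.x API the question is using; `trustedIdpCertificate` is an assumed parameter and how it is loaded is left out.

```java
import java.security.cert.X509Certificate;
import java.util.List;

import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;

/**
 * Added example (OpenSAML 2.x): verify every signature in a SAML Response
 * against a certificate the SP already trusts, never against one carried in
 * the message. The trusted certificate is assumed to come from IdP metadata or
 * a local keystore; loading it is outside this example.
 */
public final class AssertionSignatureCheck {

    private final BasicX509Credential idpCredential;

    public AssertionSignatureCheck(X509Certificate trustedIdpCertificate) {
        // The trust anchor is fixed here, at construction time, and is never
        // replaced by whatever ds:KeyInfo a received assertion happens to carry.
        this.idpCredential = new BasicX509Credential();
        this.idpCredential.setEntityCertificate(trustedIdpCertificate);
    }

    /**
     * Returns normally only if every assertion is covered by a signature (its
     * own or the enclosing Response's) and every present signature verifies
     * with the pinned IdP key. Anything else throws ValidationException.
     */
    public void verify(Response response) throws ValidationException {
        Signature responseSignature = response.getSignature();
        boolean responseSigned = responseSignature != null;
        if (responseSigned) {
            verifySignature(responseSignature);
        }

        List<Assertion> assertions = response.getAssertions();
        if (assertions.isEmpty()) {
            throw new ValidationException("Response carries no assertions");
        }
        for (Assertion assertion : assertions) {
            Signature assertionSignature = assertion.getSignature();
            if (assertionSignature == null) {
                if (!responseSigned) {
                    // Neither the assertion nor its envelope is signed: reject.
                    throw new ValidationException(
                        "Unsigned assertion " + assertion.getID() + " in unsigned response");
                }
                continue;
            }
            verifySignature(assertionSignature);
        }
    }

    private void verifySignature(Signature signature) throws ValidationException {
        // 1. Enforce the SAML signature profile: an enveloped signature with a
        //    single Reference that points at the signed element's own ID. This
        //    is what stops XML Signature Wrapping, where a valid signature over
        //    one element is presented next to a different, unsigned element.
        new SAMLSignatureProfileValidator().validate(signature);

        // 2. Cryptographic check against the pinned credential. The KeyInfo in
        //    the message is deliberately ignored.
        new SignatureValidator(idpCredential).validate(signature);
    }
}
```

Run the profile validator before the cryptographic check, as above; a signature that verifies but whose Reference points somewhere other than the element the application is about to consume must still be rejected. Signature validity is also only one of the checks an SP owes an assertion: Issuer, Audience, Destination, the Conditions time window and the InResponseTo of the SubjectConfirmationData still need to be validated separately.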

How to add KeyInfo & X509Data under the Signature in SAML 2.0 using Java

佐手、 Submitted on 2019-12-24 14:34:31
Question: I am completely new to SAML. I have just built the SAML, but per requirement I also need to add KeyInfo and X509 certificate nodes including the client's public cert. I have used the code below to generate the signature element, but don't know how to add KeyInfo & X509Data inside the signature. Need help on this? BasicX509Credential signingCredential = new BasicX509Credential(); //Namespace nameSpaceSAML = new Namespace("http://www.w3.org/2000/09/xmldsig#","ds"); KeyStore keyStore = getKeyStore(

Tomcat DEBUG logging coming out on console unexpectedly

£可爱£侵袭症+ Submitted on 2019-12-23 04:07:49
Question: The following are just a few samples of logging statements that come out on my Tomcat 7 console. Most are coming from OpenSAML or Hibernate and I'm trying to prevent them from coming out. I am using Logback and have the root logger and all other loggers at WARN or above, and I can't figure out why certain libraries continue to log INFO and DEBUG level statements. Any ideas? 14:40:45.360 [localhost-startStop-6] DEBUG org.opensaml.xml.XMLConfigurator - {http://docs.oasis-open.org/wss/2004

What are the different NameID format used for?

烂漫一生 Submitted on 2019-12-17 17:55:18
Question: In a SAML metadata file there are several NameID formats defined, for example: <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> Can anybody explain what these are used for? What are the differences? Answer 1: Refer to Section 8.3 of this SAML core PDF of the OASIS SAML specification. SP and IdP usually communicate with each other

Android Error in Eclipse: “Unable to execute dex: Cannot merge new index 65799 into a non-jumbo instruction!”

本小妞迷上赌 Submitted on 2019-12-17 10:33:33
Question: I am trying an Android project using OpenSAML in Eclipse. I have added all the required jar files to the build path. Now, when I run the program as an Android Application the following error shows up: [2012-11-18 11:52:59 - Dex Loader] Unable to execute dex: Cannot merge new index 67075 into a non-jumbo instruction! [2012-11-18 11:52:59 - MyTestProgram] Conversion to Dalvik format failed: Unable to execute dex: Cannot merge new index 67075 into a non-jumbo instruction! I googled a bit, but

Shibboleth SP to point to multiple idP

风格不统一 Submitted on 2019-12-13 02:38:30
Question: I have an SP installed on a machine. I need to have it configured for multiple IdPs depending upon the URL. Ex. We have two hosts, one.myorg.com and two.myorg.com, both pointing to the same module/machine, so the same SP. Now I need my SP configured so that if one.myorg.com/secure is hit, the SP should go to https://testshib.com/idp for authentication, and if two.myorg.com/secure is hit, the SP should go to the https://myown.idp.com IdP. EDIT: It should not ask to choose the IdP. Answer 1: In case this is still relevant, you can find

Creating SAML identity assertion in Spring web app

前提是你 Submitted on 2019-12-13 02:12:22
Question: We have a Spring web app, and a third-party application which needs to know which user is logged in to the Spring application. Once the user is logged in to the Spring app, he will have the possibility to access the third-party app in a transparent manner. For that purpose, we have to use SAML (the third-party app needs it). So the Spring web app will work as an IdP, in an IdP-initiated way. I found the OpenSAML library, and this: http://blog.keksrolle.de/2010/07/27/how-to-create-a-valid-saml-2-0-assertion-with

Should the same SAML Response be accepted twice, multiple times?

筅森魡賤 Submitted on 2019-12-12 07:56:58
Question: Should SAML federation software accept the same SAML response as long as it is within the allowed SAML token lifetime? In simpler terms: the IdP (identity provider) issues a SAML response, then the SP (service provider) accepts/processes it. Can the same unmodified SAML response then be re-used immediately after the first use? Given that the SAML issuance timestamp is within the allowed range. Security-wise it makes sense to restrict a SAML token (response) to only one use, so that even if it is stolen
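The SAML 2.0 Profiles specification answers this for the Web Browser SSO profile: for bearer assertions the SP must ensure they are not replayed, by remembering the ID values it has already accepted for as long as the assertion would still be valid under its NotOnOrAfter. A valid timestamp window alone is therefore not enough; a second presentation of the same assertion inside that window is a replay and must be refused. The following added example (not part of the original thread, and independent of OpenSAML) shows the minimum an SP needs: a time-window check with a small clock-skew allowance, plus a bounded one-time-use cache keyed by assertion ID. It assumes the ID, NotBefore and NotOnOrAfter have already been extracted from an assertion whose signature has been verified; extraction is not shown.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example: one-time-use enforcement for SAML bearer assertions. An
 * assertion is accepted at most once inside its validity window; presenting
 * the same ID again is reported as REPLAYED even though the timestamps would
 * otherwise still pass. Inputs are assumed to come from a signature-verified
 * assertion.
 */
public final class AssertionReplayGuard {

    // Tolerance for IdP/SP clock drift. Keep it small: this window is exactly
    // how long a stolen assertion stays usable once it has technically expired.
    private static final Duration CLOCK_SKEW = Duration.ofMinutes(2);

    public enum Outcome { ACCEPTED, NOT_YET_VALID, EXPIRED, REPLAYED }

    private final Clock clock;
    // assertion ID -> instant after which the entry may be forgotten
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    public AssertionReplayGuard(Clock clock) {
        this.clock = clock;
    }

    public Outcome accept(String assertionId, Instant notBefore, Instant notOnOrAfter) {
        Instant now = clock.instant();

        // Conditions/@NotBefore is optional; NotOnOrAfter is required here,
        // because without an upper bound the replay cache could never be pruned.
        if (notBefore != null && now.plus(CLOCK_SKEW).isBefore(notBefore)) {
            return Outcome.NOT_YET_VALID;
        }
        if (notOnOrAfter == null || !now.minus(CLOCK_SKEW).isBefore(notOnOrAfter)) {
            return Outcome.EXPIRED;
        }

        evictExpired(now);

        // An entry must survive exactly as long as the assertion would still be
        // accepted by the time check above, i.e. until NotOnOrAfter + skew.
        Instant forgetAt = notOnOrAfter.plus(CLOCK_SKEW);

        // putIfAbsent is atomic, so two concurrent presentations of the same
        // assertion cannot both be accepted.
        if (seen.putIfAbsent(assertionId, forgetAt) != null) {
            return Outcome.REPLAYED;
        }
        return Outcome.ACCEPTED;
    }

    private void evictExpired(Instant now) {
        // Once an assertion is past its window the time check rejects it on its
        // own, so its ID no longer needs to be remembered. This keeps the cache
        // bounded by the number of assertions issued per validity period.
        seen.entrySet().removeIf(e -> !now.isBefore(e.getValue()));
    }

    public static void main(String[] args) {
        AssertionReplayGuard guard = new AssertionReplayGuard(Clock.systemUTC());
        Instant now = Instant.now();
        // Constructed sample: an assertion ID with a five-minute window.
        String id = "_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6";
        Instant notBefore = now.minusSeconds(30);
        Instant notOnOrAfter = now.plusSeconds(300);

        System.out.println("first use:  " + guard.accept(id, notBefore, notOnOrAfter));
        System.out.println("second use: " + guard.accept(id, notBefore, notOnOrAfter));
        System.out.println("expired:    " + guard.accept("_other", notBefore, now.minusSeconds(600)));
    }
}
```

The first call for a given ID returns ACCEPTED and every later call for the same ID within the window returns REPLAYED; an assertion whose NotOnOrAfter is already past returns EXPIRED without being recorded. In a clustered SP the `seen` map has to be shared (a replicated cache or a database table with the ID as primary key), otherwise an attacker simply replays against a different node. Keying on the assertion ID is what the specification asks for; the InResponseTo check against the outstanding AuthnRequest is a separate control and does not replace this one for IdP-initiated flows, where there is no request to match.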