saml-2.0

Proper LogoutRequest for Single Logout with ADFS IdP

两盒软妹~` submitted on 2021-02-19 04:42:26
Question: I'm successfully using OneLogin java-saml library for SAML SSO. But there are problems with SLO (Single Logout) with Active Directory Federation Service (ADFS). LogoutRequest created by the library is rejected by ADFS, while it is accepted by SimpleSAMLphp IdP. I pass both nameId and sessionIndex received from ADFS in Response at LogoutRequest creation. Here are generated requests and received responses: AuthNRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

AzureAD IDP Initiated SAML always return nameid-format:persistent instead of nameid-format:emailAddress

家住魔仙堡 submitted on 2021-02-11 13:34:42
Question: I'm developing SSO using SAML and my IdP is Azure. I'm having a problem with the IDP Initiated flow. In the SAML Response I always get this NameID: <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> bMFy2VsLxPyxxxxxx..... </NameID> This is what I'm expecting: <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> user-email-address@foo.bar </NameID> I always get nameid-format:persistent instead of nameid-format:emailAddress. Although I have set "name identifier

How do I map attributes returned by an IDP to friendly names in SimpleSAMLphp?

柔情痞子 submitted on 2021-02-08 20:39:56
Question: I have successfully configured simpleSAMLphp so that it authenticates via the Test Shib IDP (https://www.testshib.org/). Test Shib returns the following attributes: urn:oid:0.9.2342.19200300.100.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.6 urn:oid:2.5.4.4 urn:oid:1.3.6.1.4.1.5923.1.1.1.9 urn:oid:2.5.4.42 urn:oid:1.3.6.1.4.1.5923.1.1.1.7 urn:oid:2.5.4.3 urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oid:2.5.4.20 I would like to map these attributes to friendly names. Can anyone

How do I map attributes returned by an IDP to friendly names in SimpleSAMLphp?

旧巷老猫 submitted on 2021-02-08 20:38:29
Question: I have successfully configured simpleSAMLphp so that it authenticates via the Test Shib IDP (https://www.testshib.org/). Test Shib returns the following attributes: urn:oid:0.9.2342.19200300.100.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.1 urn:oid:1.3.6.1.4.1.5923.1.1.1.6 urn:oid:2.5.4.4 urn:oid:1.3.6.1.4.1.5923.1.1.1.9 urn:oid:2.5.4.42 urn:oid:1.3.6.1.4.1.5923.1.1.1.7 urn:oid:2.5.4.3 urn:oid:1.3.6.1.4.1.5923.1.1.1.10 urn:oid:2.5.4.20 I would like to map these attributes to friendly names. Can anyone

How to tell if a user has an active Azure session, in html page, before SSO?

十年热恋 submitted on 2021-02-08 11:39:40
Question: I'm trying to create an HTML page, and a part of it is to check if a user has an active Azure AD logged in session. If so then certain elements of the page would change. The IdP and SP are set up correctly, and SSO works, this is a separate page from both of them. This page is here before the user is redirected to the service provider. I just can't figure out how to do this! Is there any way to do it without redirecting the user off the page, maybe using JS? Answer 1: After passing the aad

AuthenticateResult.Succeeded is false with Okta and Sustainsys.SAML2

烈酒焚心 submitted on 2021-02-02 03:41:39
Question: I have a .Net Core 2 application which leverages Sustainsys.Saml2.AspNetCore2 (2.7.0). The front end is an Angular application. The SAML approach I'm taking is based on, and very similar to, the approach taken in this reference implementation: https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample Everything works fine with the test IDP (https://stubidp.sustainsys.com). But when we try to integrate with Okta, the AuthenticateResult.Succeeded property in the callback method (see below) is

AuthenticateResult.Succeeded is false with Okta and Sustainsys.SAML2

回眸只為那壹抹淺笑 submitted on 2021-02-02 03:41:26
Question: I have a .Net Core 2 application which leverages Sustainsys.Saml2.AspNetCore2 (2.7.0). The front end is an Angular application. The SAML approach I'm taking is based on, and very similar to, the approach taken in this reference implementation: https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample Everything works fine with the test IDP (https://stubidp.sustainsys.com). But when we try to integrate with Okta, the AuthenticateResult.Succeeded property in the callback method (see below) is

How can I pre-fill email for SAML Google IDP?

好久不见. submitted on 2021-01-29 13:43:51
Question: We're using SAML 2.0 for SSO, and want to improve the UX by allowing a user to enter their email only once (to identify they need SSO). Is it possible to pre-fill the SAML SSO email field when authenticating with Google's SAML IDP? I know that the AuthnRequest has an optional Subject field that can pass the principal information to the IdP, but so far I haven't managed to have Google's SSO form pre-populate. Either it's not supported from the IdP, or I'm sending the wrong configuration. The

Connect to Local/On-premises Active Directory from PHP web application [closed]

耗尽温柔 submitted on 2021-01-29 11:16:20
Question: Seeking guidance on the subject as I'm really stuck on this. I am trying to connect to a Microsoft server over a network to log in to my system by providing my Microsoft credentials. Now, what I want is whenever I try to hit my PHP application URL, it will redirect me to

How to Authenticate the data from Microsoft Azure AD using Laravel and redirect it to Home?

℡╲_俬逩灬. submitted on 2021-01-29 07:52:06
Question: I'm trying to authenticate Microsoft Azure AD with my Laravel web app. Currently I'm referring to Azure Active Directory SSO with Laravel. I managed to retrieve the data from the Microsoft Azure AD but the problem is it doesn't redirect to the /home view; instead it redirects to the login view. I have one idea, which is to link the email from Microsoft and the email from the model so that it can go directly to the home page. But I don't know how to pass the Microsoft data (from provider) to the controller. The code (in