saml

ColdFusion: SAML Service Provider ADFS

ⅰ亾dé卋堺, submitted on 2020-03-21 03:00:06
Question: Our company is programming custom webshops for our customers. Now a customer has contacted us to implement authentication using SAML. The customer is already running an ADFS server. My job is to evaluate how difficult the work is for our company and what steps we need to take. I have searched the web for quite a long time now and I didn't find really useful material. I understand the basic data flow, but a more ColdFusion-specific example for a service provider would be great.

SAML Request Attributes In AuthnRequest

久未见, submitted on 2020-03-18 15:57:11
Question: I kind of understand how basic SAML authentication is supposed to work:

1. User requests resource at SP
2. SP sends auth request to IDP
3. IDP authenticates user and sends back some userId
4. SP sends attribute query to IDP for additional details with userId
5. IDP sends back attributes
6. SP gives user resource

My issue is, can you bypass AttributeQuery in any way? When I make a SAML 2.0 request to my testing Gluu/Shibboleth server, I get back givenName (firstname) and sn (lastname). Is there any way I can request

Storing SAML Assertion on mobile app and use them for user session

柔情痞子, submitted on 2020-03-04 18:38:38
Question: Trying to set up the flow of SSO inside a mobile app. Here is what the flow is:

1. SP resource URL is presented to CustomChromeTabs (Android)
2. SP redirects to IDP for authentication
3. IDP presents login screen
4. User enters credentials and submits back to IDP
5. IDP checks the credentials and sends back SAML Assertion to SP
6. SP processes the response and, as it trusts the IDP, converts the SAML Assertion to an access token
7. SP redirects the token back to the mobile app
8. CustomChromeTab stores it in a cookie for further resource

How to use generateProviderServiceMetadata() working with passport-saml

家住魔仙堡, submitted on 2020-02-20 08:22:06
Question: I have the following issue: I want to generate the SAML metadata for my SSO service provider using node.js and the package 'passport-saml'. This package includes the method 'generateServiceProviderMetadata( decryptionCert )', which will generate a service provider metadata document suitable for supplying to an identity provider. This requires a decryptionCert... Which decryptionCert shall I use, i.e. where and how do I get it? As far as I understand, I need something like: privateCert: fs

ExpiredTokenException when I SAML SSO login AWS from my local IdP

感情迁移, submitted on 2020-02-16 06:53:49
Question: I'm building an IdP on my local machine and I configured the IdP in the AWS IAM settings. Now I'd like to start an IdP-initiated SSO from my local machine and log in to AWS; however, the error always shows on the AWS page: Response has expired (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ExpiredTokenException; Request ID: 18fc7e20-97eb-11e9-97e4-0f55a663916e). Please try again. [error page screenshot] What should I do in this situation? Any help would be appreciated. Here is the SAML Response <saml2p
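
The AttributeQuery question earlier on this page and the expired-response question just above both come down to what a service provider reads out of the Response it receives: the AttributeStatement already inside the assertion (so no separate AttributeQuery round trip is needed when the IdP pushes attributes), and the NotBefore/NotOnOrAfter window that makes a response "expired" when the IdP's clock is ahead of the SP's, or when a captured response is replayed late. The following is an added example, not code from any of the questions, from Gluu, Shibboleth or AWS; SAMPLE_RESPONSE, the example.test hosts and the 60-second skew are constructed for it, and it deliberately leaves XML signature verification out, so nothing it returns may be trusted in a real SP until the signature has been checked first.

```python
"""Time-window checks and attribute extraction for a SAML 2.0 Response,
standard library only.

Added example; SAMPLE_RESPONSE is a constructed document, not one of the
questions' real responses. XML signature verification is out of scope:
a real SP verifies the signature BEFORE trusting any value read below,
otherwise every timestamp and attribute is attacker-controlled.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, List

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a bearer assertion valid from 07:59:00Z to 08:05:00Z,
# carrying its attributes inline in an AttributeStatement.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2020-06-26T08:00:00Z"
    Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-06-26T08:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2020-06-26T08:05:00Z"
            Recipient="https://sp.example.test/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-06-26T07:59:00Z" NotOnOrAfter="2020-06-26T08:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="sn"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>admins</saml:AttributeValue>
        <saml:AttributeValue>devs</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_saml_time(value: str) -> datetime:
    """Parse the xs:dateTime form SAML uses: UTC, trailing 'Z', optional fraction."""
    if not value.endswith("Z"):
        raise ValueError("SAML timestamps must be UTC with a trailing Z: %r" % value)
    body = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in body else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def check_time_window(response_xml: str, now: datetime,
                      skew: timedelta = timedelta(seconds=60)) -> List[str]:
    """Return the time-window violations found (empty list == response is fresh).

    `skew` is the IdP/SP clock drift we forgive; 60 s is this example's
    choice, not a value mandated by the standard.
    """
    root = ET.fromstring(response_xml)
    problems: List[str] = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in Response"]

    for label, elem in (("Response", root), ("Assertion", assertion)):
        issued = elem.get("IssueInstant")
        if issued and parse_saml_time(issued) > now + skew:
            problems.append("%s IssueInstant %s is in the future" % (label, issued))

    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Assertion has no Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_saml_time(nb):
            problems.append("Conditions NotBefore %s not yet reached" % nb)
        if noa and now - skew >= parse_saml_time(noa):
            problems.append("Conditions NotOnOrAfter %s has passed" % noa)

    # Bearer confirmations carry their own deadline; each one must still be open.
    path = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"
    for scd in assertion.findall(path, NS):
        noa = scd.get("NotOnOrAfter")
        if noa and now - skew >= parse_saml_time(noa):
            problems.append("SubjectConfirmationData NotOnOrAfter %s has passed" % noa)
    return problems


def attributes(response_xml: str) -> Dict[str, List[str]]:
    """Attributes pushed inside the assertion, so no separate AttributeQuery is needed."""
    root = ET.fromstring(response_xml)
    out: Dict[str, List[str]] = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        out[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return out


if __name__ == "__main__":
    for t in ("2020-06-26T08:01:00Z", "2020-06-26T08:10:00Z"):
        print(t, check_time_window(SAMPLE_RESPONSE, parse_saml_time(t)) or "fresh")
    print(attributes(SAMPLE_RESPONSE))
```

Run the check with the SP's own clock as `now`; if it reports NotOnOrAfter as passed for a response the IdP generated a moment ago, the IdP's clock (or the validity window it stamps into the assertion) is what needs fixing, not the SP. The NotBefore/IssueInstant checks matter too: an IdP whose clock is ahead produces assertions that are rejected as not yet valid, which looks just as puzzling from the SP side.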

Azure AD - SAML Single Logout - Unsupported binding HTTP-POST

空扰寡人, submitted on 2020-02-14 22:41:13
Question: I am integrating a SAML Service Provider with MS AAD and I have found an issue with Single Logout. My Service Provider only supports the logout binding "HTTP-POST", and it seems that AAD only supports the logout binding "HTTP-Redirect". I think so based on the SAML metadata I got from AAD; this is the only SingleLogoutService element I can see: <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx
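
The binding mismatch above is decided by the IdP's metadata: an SP should read the SingleLogoutService elements the IdP advertises and pick a binding both sides implement, and when the only one offered is HTTP-Redirect, the SP has to emit its LogoutRequest in that binding's wire form (raw DEFLATE, base64, URL-encoded as the SAMLRequest query parameter). The following is an added example, not the asker's SP code and not anything from Azure AD; IDP_METADATA, LOGOUT_REQUEST and the example.test hosts are constructed stand-ins for the partially quoted metadata, and query-string signing (the SigAlg and Signature parameters) is left out because it needs the SP's private key.

```python
"""Choose a Single Logout binding both sides support and encode a
LogoutRequest for the HTTP-Redirect binding, standard library only.

Added example; IDP_METADATA and LOGOUT_REQUEST are constructed stand-ins.
Signing the redirect URL (SigAlg/Signature over the encoded
SAMLRequest/RelayState/SigAlg string) is not shown.
"""
import base64
import xml.etree.ElementTree as ET
import zlib
from typing import Dict, Optional, Sequence, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed IdP metadata: logout is offered over HTTP-Redirect only,
# while single sign-on is offered over both bindings.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/logout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed LogoutRequest the SP wants to deliver.
LOGOUT_REQUEST = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_lr1" Version="2.0" '
    'IssueInstant="2020-02-14T22:00:00Z" Destination="https://idp.example.test/saml2/logout">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
    '<saml:NameID>jdoe</saml:NameID></samlp:LogoutRequest>'
)


def logout_endpoints(metadata_xml: str) -> Dict[str, str]:
    """Map each SingleLogoutService binding the IdP advertises to its Location."""
    root = ET.fromstring(metadata_xml)
    return {
        e.get("Binding"): e.get("Location")
        for e in root.findall(".//md:IDPSSODescriptor/md:SingleLogoutService", MD)
    }


def choose_logout_binding(metadata_xml: str,
                          sp_supports: Sequence[str]) -> Optional[Tuple[str, str]]:
    """First binding in the SP's preference order that the IdP also offers, else None."""
    offered = logout_endpoints(metadata_xml)
    for binding in sp_supports:
        if binding in offered:
            return binding, offered[binding]
    return None


def redirect_binding_url(location: str, request_xml: str,
                         relay_state: Optional[str] = None) -> str:
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)      # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return location + ("&" if "?" in location else "?") + urlencode(params)


def decode_redirect_binding(url: str) -> str:
    """Inverse of redirect_binding_url, as the IdP (or an SP debugging its output) does it."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


if __name__ == "__main__":
    print("SP speaks POST only     :", choose_logout_binding(IDP_METADATA, [HTTP_POST]))
    chosen = choose_logout_binding(IDP_METADATA, [HTTP_POST, HTTP_REDIRECT])
    print("SP speaks POST+Redirect :", chosen)
    url = redirect_binding_url(chosen[1], LOGOUT_REQUEST, relay_state="/app/home")
    print(url)
    print(decode_redirect_binding(url) == LOGOUT_REQUEST)
```

`choose_logout_binding` returning None is the programmatic form of the asker's situation: with only HTTP-POST on the SP side and only HTTP-Redirect on the IdP side there is no SAML single logout to be had, so the SP must either add the Redirect binding (the encoding half of which is what `redirect_binding_url` does) or fall back to a local-only logout. Note that the Redirect binding carries the request in the URL, so anything secret must not be placed in RelayState, and the receiving side should bound the inflated size before parsing to avoid a decompression bomb.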

Consuming a SAML 2.0 assertion with ColdFusion - What do I do with a public key (.pem) file?

别等时光非礼了梦想., submitted on 2020-02-03 09:27:26
Question: I am tasked with getting our ColdFusion 9 app to receive a SAML assertion for single sign-on. We are the service provider. Thus far, I have used the only real source of information about ColdFusion and SAML, at the following URL, for guidance: http://blog.tagworldwide.com/?p=19 I have a sample SAML XML assertion from the identity provider and it looks very similar to the following example from Salesforce.com. <samlp:Response ID="_257f9d9e9fa14962c0803903a6ccad931245264310738" IssueInstant="2009

Google SAML app_not_configured_for_user / equivalent of prompt=select_account SAML

≯℡__Kan透↙, submitted on 2020-02-02 11:43:14
Question: I'm using G Suite as a SAML IdP to authenticate users of my organisation on internal apps. Everything is working fine, except for one point: when one of my users is logged in with his/her personal account only, Google will fail with: 403 Error: app_not_configured_for_user This makes sense as the app is intended to be used by internal users only, but I would like to be able to force Google SAML authentication to display the account selector even if the user is already logged in to one account