single-sign-on

CAS: Unable to validate ProxyTicketValidator

ⅰ亾dé卋堺 submitted on 2019-12-24 04:04:17
Question: I'm currently trying to set up a CAS server and use it to log in at several local applications. CAS Server (https): localhost:8443 (this is working correctly). Application: localhost:82. When I go to localhost:82, it instantly redirects to localhost:8443. When I try to log in, it returns to localhost:82/?ticket=ST-7-THoxHvfK5FoZZsejrSLh-cas01.example.org, but it shows this error: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas

WSO2 Single Logout implementation

白昼怎懂夜的黑 submitted on 2019-12-24 01:15:41
Question: I'm trying to implement WSO2 Single Logout functionality in my Java webapp. And I cannot understand this thing: I set the SAML Single Logout option for 2 of my Issuers. Then I call logout for the first Service Provider (SP), the IdP redirects it to some logout URL with a SAML Response, the SP gets this request and invalidates the HTTP session. The second SP also gets a request from the IdP with a SAML Response, but the HTTP session in this request is a session between IdP and SP, and I need to invalidate session between web browser

SSO with signing and signature validation doesn't work

♀尐吖头ヾ submitted on 2019-12-24 01:08:34
Question: I have successfully configured SSO using WSO2IS 4.6.0 and spring saml grails plugin, but when I enable signing and signature validation like this: I see errors on WSO2 console WARN {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Signature Validation Failed for the SAML Assertion : Signature is invalid. DEBUG org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - org.opensaml.xml.validation.ValidationException: Unable to evaluate key against signature WARN {org.wso2.carbon.identity.sso

How to access Shibboleth SP Attributes in AngularJS Application

孤人 submitted on 2019-12-24 00:53:03
Question: I am new to SSO as well as Shibboleth. I have successfully implemented Shibboleth SP on an Apache Server. The user is getting authenticated against the IdP whenever the user tries to access a protected resource. Basically, Shibboleth SSO has the following 6 steps: (1) User Accesses Protected Resource; (2) SP Determines IdP and Issues Authentication Request; (3) User Authenticates to the IdP; (4) IdP Issues Response to SP; (5) Back to the SP; (6) Back to the Protected Resource. My client app is purely developed using AngularJS

Is it possible to combine the “get token” and “get userinfo” step into one?

对着背影说爱祢 submitted on 2019-12-23 20:16:01
Question: In Authorization Code Flow, a client normally gets an ID token and access token in one step, and then passes the access token to the userinfo endpoint to get the actual data in a second step. In terms of OpenID Connect, is it possible to combine those steps into one, so one roundtrip from client to OpenID provider suffices? N.B. The actual content of the Access Token is up to the implementor of an OpenID provider, so in theory I could put the data in there - but that does not seem like good

Integrating Java Web App with SAML SSO

时间秒杀一切 submitted on 2019-12-23 15:17:20
Question: I have a RESTful Java Web application which is to be deployed to a number of different environments (outside of my control) which will be using a SAML 2.0 SSO solution. My application (which I believe is the "service provider") needs to store state generated by the user, and uses internal business logic to work out which users are allowed to view or update other users' data. In order for this to work we need to know who the user is, and what groups the user is part of. But how do I get this

Choosing Kerberos (SPNEGO) Java library for web application single sign-on [closed]

天大地大妈咪最大 submitted on 2019-12-23 09:59:38
Question: I'm currently working on implementing enterprise authentication mechanisms in our Java web application, including single sign-on. Windows networks are what we primarily target, and Kerberos sounds like a reasonable choice. Sidenote: as far as I understand, the protocol used in web (HTTP) environment to SSO is SPNEGO

How to determine if logged on windows account has been authenticated on domain [duplicate]

走远了吗. submitted on 2019-12-23 09:26:39
Question: Possible Duplicate: Authenticating users using Active Directory in Client-Server Application. I'm attempting a single sign-on approach in my program using unmanaged C++, and need to determine if the current Windows user is authenticated in my domain. If I can find a way to know that the user has been authenticated, I'll allow him into my desktop application without requiring a password (usernames are the same in my app and on

GoogleAuthException when obtaining an access token with ClientID

纵饮孤独 submitted on 2019-12-23 07:26:20
Question: For more context, this post follows this one. To solve my previous problem, I tried to follow the solution presented here by Tim Bray: Verifying Back-End Calls from Android Apps. I declared two projects in Google APIs Console to get two Client IDs. The first as "Web Application" with "localhost" as hostname (does it matter?), Client ID: XXXXXXXXXX.apps.googleusercontent.com. The second as Android app with the package name specified in AndroidManifest.xml and SHA1 fingerprint (tried with debug

How to combine MembershipReboot and Thinktecture.IdentityServer?

こ雲淡風輕ζ submitted on 2019-12-23 06:02:07
Question: I was able to download and run locally the MembershipReboot project. I was able to download and run on our test server the Thinktecture IdentityServer project. No major issues with each one by themselves. Now, I want to use MembershipReboot as part of my IdentityServer. I downloaded the sample code and I think I see where code replaces code. However, I'm blind as to what happens with the database. Which database becomes the master? Or do I run something to "upgrade" the IS database? How