saml – Page 8 – WindowsTechs.com

SSO and browser vs. server

Posted on January 29, 2020 by Joe

We’ve got implementations in a browser-based system right now that does both SAML and OpenID-connect login support, but does them differently and was looking for advice on the risks.

Our SAML implementation does a full browser redirect to… Continue reading SSO and browser vs. server→

Differences between SAML and OpenID Connect

Posted on January 8, 2020 by Ravi

In OpenID, the client needs to support OpenID Identity provider and the client (application) needs to register with OpenID Identity provider. This is similar to the service provider in SAML registering with SAML Identity prov… Continue reading Differences between SAML and OpenID Connect→

SAML Passing a JWT token from the API to the SPA application

Posted on December 5, 2019 by cip123

We are trying to implement the SAML 2.0 protocol and I stumbled upon a problem related to passing the token from the API to the client SPA application.

The authentication flow goes like this: the client is redirected to the IdP applicatio… Continue reading SAML Passing a JWT token from the API to the SPA application→

Can I leverage Shibboleth to avoid recurring metadata exchanges with our customer?

Posted on November 5, 2019 by oschlueter

we provide various web services for our customers, leveraging their IdP to have the customers’ employees sign in with their company-issued accounts. Sometimes we operate web services for one customer with different domains be… Continue reading Can I leverage Shibboleth to avoid recurring metadata exchanges with our customer?→

How does a SAML proxy work?

Posted on October 27, 2019 by aquaman

What is a SAML proxy? Is it more than the github project?

Does it work differently to any reverse proxy (for example ARR)?

Is there an equivalent for OIDC/SAML?

Continue reading How does a SAML proxy work?→

Modern pass-through authentication [migrated]

Posted on September 17, 2019 by aquaman

In a Microsoft environment one can set up a web application that will pass the credentials directly to SQL Server so that permissions are set closest to the data. How can this be achieved in modern applications using SAML and… Continue reading Modern pass-through authentication [migrated]→

Could SAML assertion/token be shared or reused between service providers?

Posted on September 3, 2019 by James Lin

SAML noob here, I have an idea implementing permission(authorization) outside of IdP, which effectively become a “Permission Service Provider”, so say when an application (another service provider) that authenticate against the IdP via sa… Continue reading Could SAML assertion/token be shared or reused between service providers?→

Why sign SAML authentication requests

Posted on August 28, 2019 by AndOs

In SAML, signing or encrypting the assertions seems to be essential, but I’m not finding much information describing any benefits or drawbacks of signing the authentication request in real world “practical” scenarios.

Securi… Continue reading Why sign SAML authentication requests→

why use a CA-signed key pair to encrypt SAML2 assertions?

Posted on August 19, 2019 by O. Jones

I have a customer who insists upon using only certificate-authority signed key-pair certificates for encrypting SAML2 assertions.

In this use case, I hold the private key in my Service Provider, and we furnish the public key… Continue reading why use a CA-signed key pair to encrypt SAML2 assertions?→

HTTP Response to a SAMLResponse POST by user agent

Posted on July 25, 2019 by Brett

Looking at RFC2616, is it acceptable to return an HTTP 200 (page load) as a response to a SAMLResponse post to the SP? i.e. the user-agent loads a page instead of redirecting via a 302 / 303?

Looking for clarity on 3.4.5 her… Continue reading HTTP Response to a SAMLResponse POST by user agent→