Hi all,

I've started working on the server-side implementation of SAML Artifact
Binding. The basic idea is as follows.

When authentication is done via SAML, SAML assertion is sent to the user
agent (browser) as a direct response from the IDP. One disadvantage of this
method is the possibility of communication messages being intercepted at
the browser. Also, there could be limitations on browsers such as limits on
query string / POST payload sizes, no support for JavaScript, etc. To
overcome these problems, SAML Artifact Binding has been introduced.

When the user is authenticated, the IDP responds with a key known as
SAMLart, which will be then sent to the service provider by the browser.
Then the SP uses this key to request the actual SAML assertion from the IDP
via a back channel call. This method reduces the use of browsers compared
to the old method. Below diagram shows the request flow with SAML Artifact
Binding.

[image: diagram of the request flow with SAML Artifact Binding]

Currently the client side implementations have been completed and
discussed here [1]. The goal of this project is to implement the necessary
backend components following the official SAML specification [2].

I highly appreciate your valuable concerns and input on this.

Best regards,
Vihanga.

[1] - "[Architecture] [IAM] SAML Artifact Binding" @ architecture@wso2.org
[2] - https://www.oasis-open.org/committees/download.php/35387/sstc-saml-bindings-errata-2.0-wd-05-diff.pdf
-- 

Vihanga Liyanage

Software Engineer | WSO₂ Inc.

M : +94710124103 | http://wso2.com

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
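The artifact exchange described in the mail, as an added example in Python (this is not code from the mail, from the WSO2 project, or from the OASIS document; the entity IDs, endpoint URLs and assertion text are constructed for the demo). It encodes and decodes the type 0x0004 artifact laid out in the SAML 2.0 Bindings specification (TypeCode, EndpointIndex, SourceID as the SHA-1 of the issuer entity ID, and a random 20-byte MessageHandle), and models both ends of the back channel: the IdP side hands out a SAMLart, keeps the assertion until the SP resolves it, and enforces the single-use, short-lived, intended-requester checks that make the artifact safe to pass through the browser; the SP side maps the SourceID back to a trusted IdP before it calls anything. The class and function names are the example's own.

```python
from __future__ import annotations

import base64
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# SAML 2.0 artifact, type code 0x0004 (Bindings spec, "Artifact Format"):
#   TypeCode (2 bytes) | EndpointIndex (2 bytes)
#   | SourceID (20 bytes: SHA-1 of the issuer's entity ID)
#   | MessageHandle (20 bytes: random, identifies the stored message)
TYPE_CODE_0004 = 4
ARTIFACT_LEN = 44          # 2 + 2 + 20 + 20 bytes before base64


@dataclass(frozen=True)
class Artifact:
    endpoint_index: int
    source_id: bytes
    message_handle: bytes


def source_id(entity_id: str) -> bytes:
    """SourceID is the SHA-1 digest of the issuer's entity ID (spec-defined)."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def encode_artifact(entity_id: str, endpoint_index: int, message_handle: bytes) -> str:
    """Build the base64 SAMLart value the IdP sends back through the browser."""
    if len(message_handle) != 20:
        raise ValueError("MessageHandle must be exactly 20 bytes")
    if not 0 <= endpoint_index <= 0xFFFF:
        raise ValueError("EndpointIndex must fit in two bytes")
    raw = (TYPE_CODE_0004.to_bytes(2, "big")
           + endpoint_index.to_bytes(2, "big")
           + source_id(entity_id)
           + message_handle)
    return base64.b64encode(raw).decode("ascii")


def decode_artifact(samlart: str) -> Artifact:
    """Strictly parse a SAMLart; reject wrong length or unknown type before use."""
    raw = base64.b64decode(samlart, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError(f"expected {ARTIFACT_LEN} bytes, got {len(raw)}")
    if int.from_bytes(raw[0:2], "big") != TYPE_CODE_0004:
        raise ValueError("unsupported artifact type code")
    return Artifact(int.from_bytes(raw[2:4], "big"), raw[4:24], raw[24:44])


class IdpArtifactStore:
    """IdP side: issue artifacts and answer ArtifactResolve requests.

    Each handle resolves at most once, only for the SP it was issued to, and
    only within a short TTL, so a SAMLart seen in a browser log is worthless.
    """

    def __init__(self, entity_id: str, endpoint_index: int,
                 ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.entity_id = entity_id
        self.endpoint_index = endpoint_index
        self.ttl = ttl_seconds
        self.clock = clock
        # message handle -> (intended SP entity ID, assertion, expiry time)
        self._pending: Dict[bytes, Tuple[str, str, float]] = {}

    def issue(self, sp_entity_id: str, assertion: str) -> str:
        handle = secrets.token_bytes(20)
        self._pending[handle] = (sp_entity_id, assertion, self.clock() + self.ttl)
        return encode_artifact(self.entity_id, self.endpoint_index, handle)

    def resolve(self, samlart: str, requester_entity_id: str) -> Optional[str]:
        art = decode_artifact(samlart)
        if art.source_id != source_id(self.entity_id):
            return None                      # not issued by this IdP
        entry = self._pending.pop(art.message_handle, None)   # single use
        if entry is None:
            return None                      # unknown or already resolved
        sp_entity_id, assertion, expiry = entry
        if self.clock() > expiry or sp_entity_id != requester_entity_id:
            return None                      # expired, or wrong SP asking
        return assertion


def locate_issuer(samlart: str,
                  trusted_idps: Dict[str, List[str]]) -> Optional[Tuple[str, str]]:
    """SP side: map SourceID to a trusted IdP and pick its resolution endpoint.

    trusted_idps: IdP entity ID -> list of artifact resolution service URLs,
    indexed by EndpointIndex. Unknown SourceIDs are refused, never contacted.
    """
    art = decode_artifact(samlart)
    for entity_id, endpoints in trusted_idps.items():
        if source_id(entity_id) == art.source_id:
            if art.endpoint_index >= len(endpoints):
                return None
            return entity_id, endpoints[art.endpoint_index]
    return None


if __name__ == "__main__":
    # Constructed demo values, not real deployments.
    idp = IdpArtifactStore("https://idp.example.test/saml", endpoint_index=0)
    sp_id = "https://sp.example.test/saml"
    samlart = idp.issue(sp_id, "<saml:Assertion>demo</saml:Assertion>")
    print("SAMLart:", samlart)
    print("SP maps it to:", locate_issuer(samlart, {idp.entity_id: ["https://idp.example.test/ars"]}))
    print("first resolve :", idp.resolve(samlart, sp_id))
    print("second resolve:", idp.resolve(samlart, sp_id))   # None: single use
```

The SP never trusts the artifact's contents by themselves: the SourceID only selects which pre-configured IdP to call over the authenticated back channel, and the real assertion is whatever that IdP returns in the ArtifactResponse.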