Hi Francesco
On 07/03/17 11:00, Francesco Chicchiriccò wrote:
On 07/03/2017 11:56, Sergey Beryozkin wrote:
Hi Francesco

Not sure if it can be relevant for this work but at the CXF level we
have this SAML SP support:

http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.

Thanks for the pointer, Sergey: I did already find it, though.

This does not completely fit in our scenario since here the idea is to
split the responsibilities in two: from one side the front-end
web-fragment takes care of the SAML exchange, from the other side the
Syncope core (e.g. the CXF application) works as back-end for the
effective SAML assertion validation and generation.

I'll look at the provided page and related implementation, anyway, thank
you very much indeed.

Thanks, right, what that CXF module offers is an ability to redirect the users to the SAML2 IDP, validate the SAML assertions when the user is returned from there, and make sure the security session is set.

FYI, this class

https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java


has been already extremely useful to me, since OpenSAML 3 documentation
is practically absent.
I believe we also use those utils or maybe other OpenSAML-related code; Colm would know more about it.

If that module does not quite work for Syncope then it is fine :-), just wanted to make sure you are aware of it.

Cheers, Sergey

Regards.

On 07/03/17 10:49, Francesco Chicchiriccò wrote:
Hi all,
I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.

I am already working on it, and it should be ready on time for Syncope
2.0.3.

The idea is to embed the whole implementation in a PR, with option of
further discussing before merge.

Also, I would like to include, in the 2.0.3 release notes, a public
"thank you" statement to the University of Helsinki similar to the one
we made for 1.1.0 [2].

WDYT?
Regards.

[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature

[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)




--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/
