[Architecture] SAML Artifact Binding - Server Side Implementations

2018-06-19 Thread Vihanga Liyanage
Hi all, I've started working on the server-side implementation of SAML Artifact Binding. The basic idea is as follows. When authentication is done via SAML, SAML assertion is sent to the user agent (browser) as a direct response from the IDP. One disadvantage of this method is the possibility of

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-06-22 Thread Vihanga Liyanage
Hi all, As I'm going through the specifications, I came across following problems. - The above diagram shows Login Response binding with SAML art. There are other aspects of this as well such as Login Request Binding, Logout Request Binding, etc. Below diagram shows both login request an

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-06-22 Thread Vihanga Liyanage
[+ Dev] On Fri, Jun 22, 2018 at 3:23 PM Vihanga Liyanage wrote: > Hi all, > > As I'm going through the specifications, I came across following problems. > >- The above diagram shows Login Response binding with SAML art. There >are other aspects of this as well such as Login Request Bindi

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-01 Thread Vihanga Liyanage
Hi all, As for the discussion we had earlier [1], here attached the initial table design to store the SAML assertions against the artifact ID. Please let me know your concerns regarding this or anything discussed earlier. [image: image.png] [1] - "Invitation: [Architecture Review] - SAML Artifac

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-02 Thread Farasath Ahamed
On Mon, Jul 2, 2018 at 2:48 PM, Vihanga Liyanage wrote: > Hi all, > > As for the discussion we had earlier [1], here attached the initial table > design to store the SAML assertions against the artifact ID. Please let me > know your concerns regarding this or anything discussed earlier. > > [imag

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-02 Thread Vihanga Liyanage
Hi Farasath, > > SAML Assertion size is going to depend on the number of requested > claims, signing, encryption etc. How are we planning to handle this? > That is a valid question! The initial value, 4096 was used in the IDN_SAML2_ASSERTION_STORE table. But with my implementation, later I

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-03 Thread Maduranga Siriwardena
Databases can handle large text fields. Column type depends on the database. For example [1] shows a few MySQL column types that can handle large texts. And at the same time there are some database column types that can handle xml etc. You will need to do some research to find suitable column typ

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-04 Thread Vihanga Liyanage
Hi all, In the discussion we had today, a concern was raised about storing SAML assertions in the database as it can become quite large. The alternatives proposed are as follows. 1. Store any information we need to build the SAML assertion at artifact resolution time and build it there.

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-04 Thread Ruwan Abeykoon
Hi Vihanga, In data storage theory, we have to store each atomic value in a specific field. Now we have to decide what our atomic values are. e.g. does "AuthnRq ID" have a significance on its own? do we need to search for "AuthnRq ID"? do we want to change "AuthnRq ID"? etc. If yes, then it is an atomi

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-04 Thread Malithi Edirisinghe
On Wed, Jul 4, 2018 at 9:13 PM, Vihanga Liyanage wrote: > Hi all, > > In the discussion we had today, a concern was raised about storing SAML > assertions in the database as it can become quite large. The alternatives > proposed are as follows. > >1. Store any information we need to build the

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-10 Thread Vihanga Liyanage
Hi all, With the discussion we had today, we have decided to go with below database structure.
IDN_SAML2_ARTIFACT_STORE
PK ID INT NOT NULL
SOURCE_ID BLOB NOT NULL
MESSAGE_HANDLER BLOB NOT NULL
AUTHN_REQ_DTO BLOB NOT NULL
SESSION_ID VARCHAR(255) NOT NULL
INTI_TIMESTAMP DATETIME NOT NULL
EXP_

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-11 Thread Vihanga Liyanage
Hi all, I have completed basic flow with SAML2 artifact binding and sent a PR [1] . Now we have the following points to decide on. 1. Issued SAML2 artifacts should have a shortest practical time limit which an artifact

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-16 Thread Vihanga Liyanage
Hi all, We had a conflict in the last review with the SAML assertion query profile [1] implementation. *What should happen when an artifact is issued to an SP and it's not yet resolved? Should the app be able to query the assertion acc

Re: [Architecture] SAML Artifact Binding - Server Side Implementations

2018-07-26 Thread Vihanga Liyanage
Hi all, I have completed the implementations of the feature and am now in the process of writing an integration test suite. While doing that I faced a few issues. The plan is to use the new IS samples in here [1]