On 17.03.2021 17:49, Christopher Schultz wrote:
André,

On 3/16/21 18:21, André Warnier (tomcat/perl) wrote:
Alternatively, see this:
https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo

Thanks for mentioning this. I looked at Shibboleth.

Their web site says "version 3 is deprecated" and "version 4 is undocumented".

We've been using versions 2 and 3 without problems. I don't know what version 4 brings, that is not in the others but nevertheless helpful.

We've set up one (our own) IdP (the SAML "identity provider", where the clients really log in), and several SPs (Service Providers), which interact with our own IdP or with other people's IdPs (of various brands/makes/types).
It's all a bit of work to set up, but once set up it hasn't given us any more hassle.
The documentation for versions 2 and 3 is very extensive, and quite complex, which I believe is kind of unavoidable considering that SAML itself is one of these things designed by a committee.

(We also have our own summarised installation and setup documentation, so if you want any tips, just ask)


:(

That's not exactly encouraging.

Thanks,
-chris

On 16.03.2021 21:18, Christopher Schultz wrote:
Robert,

On 3/16/21 14:33, Robert Turner wrote:
Chris,

I'm not sure if it will do what you want, but when sourcing Java-based SAML
libraries for our use as an SP, I too found that most of the libraries were
much larger and more complicated than I thought necessary. We went with the
(limited but simple to use) OneLogin libraries for our use case. It doesn't
do everything by any means, but was considerably smaller and simpler than
most packages out there.

I did see the OneLogin library. You mean this one, right?
https://github.com/onelogin/java-saml

Is there anything tied to any particular service for that? Or do they simply give away their library for use anywhere?

Thanks,
-chris

On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

All,

I've got a system which is accepting one-legged, signed SAML responses
from trusted third parties and doing all the right things. It's working
great.

It's time to look at doing the opposite: assembling our own SAML
responses, signing them, and sending them to another party.

I'm sure I could manually create a DOM document with all the right
namespaces, add the various values that I need, and then use XML DSIG
using the bits and pieces that are provided by Java directly, but
there's got to be a nice compact library that doesn't require me to
download the entire internet in order to use in my product.

Any recommendations?

Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
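
The JDK-only route described in the original question (build the DOM by hand, then sign with the built-in XML DSIG API), as an added example that is not code from any participant in this thread. The class name, issuer URL and throwaway RSA key are constructed for illustration, and the Response is kept minimal (no Assertion). It runs as a single file on Java 11 or later.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignSamlResponse {  // hypothetical class name
    static final String P = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String A = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static boolean verify(Document doc, PublicKey trusted) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(trusted, sig); // key is pre-shared, not read from the message
        return F.unmarshalXMLSignature(vc).validate(vc);
    }
    public static void main(String[] args) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        String id = "_" + UUID.randomUUID();
        Element resp = doc.createElementNS(P, "samlp:Response");
        // Declare namespaces as real attributes so canonicalization sees them.
        resp.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:samlp", P);
        resp.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:saml", A);
        resp.setAttribute("ID", id);
        resp.setAttribute("Version", "2.0");
        resp.setAttribute("IssueInstant", java.time.Instant.now().toString());
        resp.setIdAttribute("ID", true);  // lets the "#<id>" reference resolve
        doc.appendChild(resp);
        Element issuer = (Element) resp.appendChild(doc.createElementNS(A, "saml:Issuer"));
        issuer.setTextContent("https://idp.example.invalid");  // constructed value
        Element status = (Element) resp.appendChild(doc.createElementNS(P, "samlp:Status"));
        Element code = (Element) status.appendChild(doc.createElementNS(P, "samlp:StatusCode"));
        code.setAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();  // throwaway demo key
        List<Transform> tf = List.of(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference ref = F.newReference("#" + id, F.newDigestMethod(DigestMethod.SHA256, null), tf, null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(ref));
        // SAML schema order: ds:Signature goes right after Issuer, before Status.
        F.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), resp, status));
        System.out.println("valid after signing: " + verify(doc, kp.getPublic()));
        issuer.setTextContent("https://other.example.invalid");  // modify signed content
        System.out.println("valid after modification: " + verify(doc, kp.getPublic()));
    }
}
```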



