SSO Implementation

Peter Schober peter.schober at
Mon Nov 5 04:20:17 EST 2012

* Raz's <gajula.rajashekhar at> [2012-11-05 03:13]:
> Finally we have succeeded in our requirement of implementing SAML on our
> we are going to implement it on our production servers so
> kindly share your valuable suggestions to avoid security breaches /
> necessary things to do before implementing SAML on production servers.

I don't think it's possible to give a short, complete and universally
applicable answer to this. The documentation has this to offer:

Managing log files often is neglected.

Having SSL with trustworthy (for your constituency) certificates on
all endpoints should go without saying.

Have a look at
as there are a few tunables regarding the session, e.g. inactivity
timeout, probably setting handlerSSL="true" and cookieProps="https".
checkAddress="true" would help but often needs to remain disabled for
reasons stated in the documentation.

Keeping the software, libraries, server, application and OS current
and patched should come as no surprise.

If in doubt ask your local CSO/CISO ;)
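
The session tunables named in the reply above can be checked mechanically before a production rollout. The following is an added example, not part of the original post or of the project's documentation: it reads a `<Sessions>` element and reports where handlerSSL, cookieProps and checkAddress differ from the values the reply mentions. The sample XML is constructed, and treating `timeout` as the inactivity-timeout attribute and a custom cookieProps string containing `secure` as acceptable are assumptions.

```python
import xml.etree.ElementTree as ET

# Values named in the reply. checkAddress is advisory only, because the
# reply notes it often has to remain disabled.
RECOMMENDED = {"handlerSSL": "true", "cookieProps": "https", "checkAddress": "true"}
ADVISORY = {"checkAddress"}

# Constructed sample resembling an SP configuration (not a real deployment).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600"
              checkAddress="false" handlerSSL="false" cookieProps="http"/>
  </ApplicationDefaults>
</SPConfig>"""


def local(tag):
    """Strip the XML namespace so the check does not depend on its version."""
    return tag.rsplit("}", 1)[-1]


def audit_sessions(xml_text):
    """Return (severity, attribute, message) findings for every <Sessions>."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Sessions":
            continue
        for attr, want in RECOMMENDED.items():
            got = el.get(attr)
            if got is None:
                # Do not guess the default; send the operator to the docs.
                findings.append(("note", attr, "not set explicitly; confirm the default"))
                continue
            value = got.strip().lower()
            # Assumption: a hand-written cookie string with "secure" is fine.
            ok = value == want or (attr == "cookieProps" and "secure" in value)
            if not ok:
                sev = "note" if attr in ADVISORY else "warn"
                findings.append((sev, attr, f'is "{got}", reply suggests "{want}"'))
        if el.get("timeout") is None:
            findings.append(("note", "timeout", "no inactivity timeout set explicitly"))
    return findings


if __name__ == "__main__":
    for sev, attr, msg in audit_sessions(SAMPLE):
        print(f"[{sev}] {attr} {msg}")
```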
