NOT a heartbleed question
Bryan E. Wooten
bryan.wooten at utah.edu
Thu Apr 10 14:11:47 EDT 2014
I just got off a conference call with a vendor discussing SAML 2 SSO.
I thought I'd ask the list for their insight an feedback.
First they want to do IDP initiated login. We have never done that before. Is it as easy as I am lead to believe from this wiki page:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
All need is a link like this: https://myidp.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=someid&shire=providerURL
The vendor does not supply meta-data. I thought that was a requirement.
And last does my 2.3.5 IDP meet these requirements out of the box or do I have work to do (beyond just configuration)?
2.0 Partner shall generate a SAML Response message, as specified by the SAML 2.0 standard, upon successful authentication of a user.
2.1 Partner shall digitally sign the SAML Response sent to Corestream using the private key of their signing certificate.
2.2 Partner shall provide Corestream with the public key of the certificate used to sign the SAML Response token.
2.3 Partner shall Base-64 encode the SAML Response
2.4 Partner shall transmit the Base-64 encoded SAML Response via a HTTP POST to the URL specified by Corestream.
3.0 Partner shall provide both a UAT and Production system for integration testing.
Thanks,
-Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140410/5294b6a7/attachment-0001.html
More information about the users
mailing list