SAML Single Sign On use

Question

0.00/5 (No votes)

See more:

I have found your article on SAML to be very interesting and at the same time, somewhat curious. I have been tasked with getting a "SAML solution" in place for a client. They are the identity priovider and are trying to use SAML to maintain a secure handshake which will authorize employees when they go to a vendor's internet site. The vendor is clueless as to how SAML works, they just know that the identity provider should send an HTTP Post request and they will send back a response. They offer no technical help other than the one sample coded page they sent.

I was wondering if you could give me any insight as to how this can actually work. Here's the scenario: The vendor has a copy of the identity provider's x509 certificate file. A sample HTTP post page written in VB.net was supplied by the vendor and altered by the identity provider. The sample page required that a "secret key" be inserted, which is used during the encryption process. It also required the username be supplied and the changing of the post url. The assertion and response are already in the code to be generated. The vendor is not sure what the "Secret Key" should be and this is the only hangup to sending the page, as far as the vendor knows. Does this even sound familiar or do you have a suggetion as to any other options?

Posted 30-Mar-10 4:12am

jharkness

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Answer 1 · 2010-03-30T07:08:00

Solution 1

jharkness wrote:
I have found your article on SAML

Had you gone right to the end, you would have found the forum where you can post questions to the article's author. The chances that he or she will just happen to see this question are quite low.

Posted 30-Mar-10 7:08am

Richard MacCutchan

Member 3956257 · Answer 2 · 2010-06-08T20:57:00

Solution 2

Can you please provide the procedure need to follow to aurthendicate the webservice call using SAML.

Posted 8-Jun-10 20:57pm

Member 3956257