Click here to Skip to main content
15,665,319 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have found your article on SAML to be very interesting and at the same time, somewhat curious. I have been tasked with getting a "SAML solution" in place for a client. They are the identity priovider and are trying to use SAML to maintain a secure handshake which will authorize employees when they go to a vendor's internet site. The vendor is clueless as to how SAML works, they just know that the identity provider should send an HTTP Post request and they will send back a response. They offer no technical help other than the one sample coded page they sent.

I was wondering if you could give me any insight as to how this can actually work. Here's the scenario: The vendor has a copy of the identity provider's x509 certificate file. A sample HTTP post page written in was supplied by the vendor and altered by the identity provider. The sample page required that a "secret key" be inserted, which is used during the encryption process. It also required the username be supplied and the changing of the post url. The assertion and response are already in the code to be generated. The vendor is not sure what the "Secret Key" should be and this is the only hangup to sending the page, as far as the vendor knows. Does this even sound familiar or do you have a suggetion as to any other options?

jharkness wrote:
I have found your article on SAML

Had you gone right to the end, you would have found the forum where you can post questions to the article's author. The chances that he or she will just happen to see this question are quite low.
Share this answer
Can you please provide the procedure need to follow to aurthendicate the webservice call using SAML.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900