Questions tagged [saml-2.0]

Security Assertion Markup Language 2.0 (SAML 2.0) is a standard providing means to exchange authentication and authorization data between security domains. It is typically used to achieve cross-domain single sign-on (SSO) and creation of security tokens.

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the Security Services Technical Committee.

SAML version 2 adds digital signatures and folds back into the SAML standard the enhancements made to the SAML 1.1 specification by other systems (for instance Shibboleth and WS-Federation).

SAML 2.0 is significantly different from SAML 1.1 and is not backwards compatible, although many systems can handle both.

Questions should have this tag when they are specifically related to SAML 2.0; more general SAML questions should have the less specific tag instead.

3007 questions

86 votes, 4 answers

What is exactly RelayState parameter used in SSO (Ex. SAML)?

I am trying to understand SSO using SAML. I have come across the RelayState parameter and am very confused exactly why it comes first in SSO to send encoded URLs? What exactly does it mean? Please read the following from the Google Developer…
Oomph Fortuity

69 votes, 3 answers

SAML/ADFS node.js implementation guide?

I'd like to preface this by saying that until now, I hadn't even HEARD of SAML, much less developed a SSO strategy involving it. That, combined with the fact that I've barely been doing node for a year makes for a glorious newbie sandwich. …
SpacePope

42 votes, 3 answers

SAML simple example for beginners

I am a beginner to the SAML v2.0 technology and I get the theory knowledge but I didn't find any examples on Google. Can anybody provide me with a step by step example for simple "SAML for v2.0". Up to now I've gone through the theory part, i.e., it…
user2779075

41 votes, 5 answers

What is the purpose of a SAML Artifact?

I've seen a bunch of flow charts on how it is passed around between Identity Provider (IdP), Service Provider (SP), and Browser via Redirects. However it seems unnecessary to me right now, so I know I'm missing something. Can someone provide me a…
funa68

38 votes, 5 answers

ASP.Net Core SAML authentication

I am trying to add SAML 2.0 authentication to an ASP.Net Core solution. I can't find any documentation on the subject, so I am unsure where to start. There is probably documentation out there, but I don't want to spend 3 days becoming an expert on…
Tedd Hansen

37 votes, 2 answers

Working with SAML 2.0 in C# .NET 4.5

I am trying to use pure .NET (no external classes, controls, helpers) to create a SAML message. I found some code on the interwebs; this is what I have: private static SamlAssertion createSamlAssertion() { // Here we create some SAML assertion…
bugnuker

36 votes, 1 answer

Custom Claim Handling Failed In Single Sign On

I am using the WSO2 Identity Server for Single Sign-On Implementations. In my demo applications, I am trying to get Custom claim attributes of authenticated Users from my own JDBC Database. I followed this blog of Pushpalanka. This worked fine for…

34 votes, 1 answer

What to present at SAML EntityID URL?

I am trying to implement a SSO that is provided by another website. The instructions ask me to enter "issuer" info. Which turns out is equivalent to the EntityID URL in the EntityDescriptor. I am assuming I need to set that URL to some url on my…
Lawrence Cooke

31 votes, 2 answers

how do I redirect back to the originally-requested url after authentication with passport-saml?

Sorry if this is a bonehead question, but I'm having some trouble understanding how I might redirect the client browser back to whatever URL was originally requested after a successful authentication with our SAML identity provider (IdP). I'm using…
Dave Stearns

29 votes, 2 answers

NotOnOrAfter in SubjectConfirmationData and Conditions and SessionNotOnOrAfter

In the SAML2 specification there are several places in an assertion where it is possible to specify a lifetime. The element contains a NotOnOrAfter attribute. The element contains a NotOnOrAfter…
Anders Abel

27 votes, 5 answers

AADSTS700016: Application with identifier 'some_id' was not found in the directory 'some_another_id'

I need a federated authentication with custom policy (when user authenticated I need him to appear marked as Federated in b2c users, not Others or something else what I could achieve with single tenant), I had it before with default policy setup in…
basilio

27 votes, 4 answers

Are SAML tokens cache/stored anywhere on the browser?

Scenario: Browser(User) requests resource from Service Provider (SP). SP Redirects (with SAML Request) to Identity Provider (IdP). Since it is first login, User gives the (IdP) his/her valid credentials. IdP then redirects Browser (with SAML…
funa68

26 votes, 1 answer

Authenticating mobile users against SAML IDP

I am looking for a solution for - authenticating mobile-app users against SAML IDP, and have got some basic queries (I am new to SAML, OAuth :) ) In this scenario, the flow could be like the mobile user will be authenticated by IDP, the SAML…
nshweta

26 votes, 11 answers

Logging into SAML/Shibboleth authenticated server using python

I'm trying to log in to my university's server via Python, but I'm entirely unsure of how to go about generating the appropriate HTTP POSTs, creating the keys and certificates, and other parts of the process I may be unfamiliar with that are required to…
David Perlaza

24 votes, 2 answers

SSO: How to synchronize user accounts between service provider and Identity Provider?

In a SSO environment, though the user accounts are maintained at IdP, some Service Providers do maintain a database having active user accounts. Now if a user is deactivated at IdP, what is the best way to pass that information to the respective SPs…
abhilash