-
-
2. Re: Security Certificate
wow.
That's a requirement for my application.
Can you suggest another route for setting up SAML on JBoss?
I have found this:
http://www.sourceid.org/projects/saml_1_1_toolkit.cfm -
3. Re: Security Certificate
Well JBoss SSO does support SAML 1.0 but has only login/password authentication. You are welcome to contribute, actually there are a feature request at the jira https://jira.jboss.org/jira/browse/JBSSO-12
Else take a look at http://www.josso.org -
-
5. Re: Security Certificate
Turns out the scope of my applcation is going to be a lot smaller.
I only need to host a "partner" app that receives a SAML token and gives access to my secured application using POST response.
Questions:
1. Can I use any of the Test-sso source code for this? What classes would be of use to me?
2. Can I integrate the certificate at this level? Does the basic framework exist for me to write that?
3. I understand that SAML (I'm using 1.1) is a SOAP protocol, yet it's sent as an HTTP POST. Does that mean I have to use a web service to process it? Or are there simple classes for receiving the POST with SOAP in Tomcat that allow me to parse the SAML and make use of its attributes? -
6. Re: Security Certificate
Just use OpenSAML2.0. They have lots of utility code and their mailing list is pretty active.
-
7. Re: Security Certificate
Thank you!
This psuedocode from OpenSAML below seems exactly what I need to write a service provider capable of receiving a SAML token, verifying it with an XML signature and then reading it's assertions/attributes!
https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManualPsedocodeSP
