Glad you got it working! Yes, I'll see what could be changed to make this possible without subclassing.
Vladi
Type: Posts; User: vsch; Keyword(s):
Hi,
There are then three options:
- You can either disable the HTTP-Artifact profile and use HTTP-POST instead, you can do so by removing AssertionConsumerService for HTTP-Artifact from your SP...
Hi,
Just follow the same thread, it covers this problem as well - most likely your artifact resolution needs the same proxy settings.
Brs, Vladi
Hi,
You can find the answer in this thread.
Vladi
SAML AuthenticationRequest doesn't support any standard way to send attributes towards IDP. The only place for inclusion of such data is the Extensions element. You can customize content sent in the...
Once a user opens a page after session expiration the usual mechanisms of Spring Security will kick-in and will decide what to do:
- in case the page is secured it will invoke the configured entry...
Hi Mark,
Yes, setting the maxAuthenticationAge high enough will make the SAML Extension accept the assertion. The value should be set to the maximum allowed session/remember-me time of the IDP...
Hi,
After the timeout your user is likely redirected back to the IDP which immediately responds with an assertion and states that the user had been authenticated earlier and tells about the time...
Yes, it definitely seems that this is the reason. There are most likely two different HttpSessions in your system (one at the http, other at the https) and the original request data is stored in only...
Hi Ohad,
First idea which comes to mind - is there any chance that when you send the request you use an http:// URL, but the response comes to an https://?
Vladi
I'm glad you found a solution which works for you, but make sure to test it carefully - making the AuthnRequest wrapped in a Serializable class or extending it and declaring the extended class as...
Hi Ian,
There's not that many changes since RC2 - mostly build issues and documentation, so unless some bugs/important feature requests still come up it's possible that I'll skip RC3 and release...
Hi,
You have figured most of the bits already, but perhaps some of the stuff below will still help you.
You don't need to put all your local SP configurations into a single metadata file. You...
You can see how to serialize AuthnRequest objects in the HttpSessionStorage implementation - just wrap them in the SAMLObject which is serializable.
The low-level SAML components come from the...
I'm not aware of other free online services which would offer functionality beyond what SSO circle does. But if you're fine with in-house deployment you can try OpenAM which has limited entitlement...
Hi,
The SAMLMessageStorage interface was created for exactly the case you have - need for a custom way to replicate SAML state across multiple nodes. Implementing it in your own way definitely...
Hi,
I'm afraid that ECP won't be of help here. Most IDPs simply don't support it. It might make sense in case you'd be in control of the IDP you want to use and could customize it.
Vladi
Hi,
I've just been playing around with this a bit and e.g. adding the following into dependencies of saml2-sample/build.gradle produces a neat war with Spring 3.2.2 only (no sign of 3.0.7).
...
Hi Mark,
It's true that tweaking those values won't completely stop the reloading task. The way I've solved it earlier (to make the extension work with Google App Engine) was to implement my own...
Hi,
In order to authenticate user with an IDP using SAML 2.0 WebSSO you need to get your user to open the IDP's authentication page and enter her credentials, there's no way around it. So some...
Hi,
So you're setting the relay state using the WebSSOProfileOptions, but the relayState value is not included in the sent SAML message, right? This could indicate a bug. Which binding are you...
Hi,
Probably the easiest IDP to use is SSOcircle.com. You can find examples of integrating it in the quick start guide section of the SAML extension manual.
Cheers,
Vladimir Schafer
Hi,
The SAMLAuthenticationToken is only meant for passing of the context between ProcessingFilter and AuthenticationProvider. It contains an instance of SAMLMessageContext which is not serializable...
Hi Mark,
You can use properties minRefreshDelay and maxRefreshDelay on the metadata bean to affect reloading. Full description is available in the JavaDoc. Setting the minRefreshDelay to a high...
Hi Ohad,
What the user wants to achieve is a single sign-on to an SP application using authentication with a selected identity provider. SAML is just one of the means to achieve that and its usage is...