Questions tagged [saml-2.0]

Security Assertion Markup Language 2.0 (SAML 2.0) is a standard providing means to exchange authentication and authorization data between security domains. It is typically used to achieve cross-domain single sign-on (SSO) and creation of security tokens.

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the Security Services Technical Committee.

SAML version 2 adds digital signatures and folds back into the SAML standard the enhancements that other systems (for instance Shibboleth and WS-Federation) made to the SAML 1.1 specification.

SAML 2.0 is significantly different from SAML 1.1 and is not backwards compatible, although many systems can handle both.

Questions should have this tag when they are specifically related to SAML 2.0; more general SAML questions should have the less specific tag instead.

3007 questions

17 votes, 1 answer

SAML 2.0 Service Provider in Python

I am looking to implement a SAML 2.0 based service provider in Python. My web apps are currently all Flask applications. I plan to make a Flask blueprint/decorator that allows me to drop single sign-on capabilities into preexisting applications. I…
steve

17 votes, 3 answers

Recipient endpoint doesn't match with SAML response

Usually my Spring SAML-based Service Provider (SP) implementation works fine, but sometimes it returns this error: [2014-07-17 16:00:58.767] boot - 1078 DEBUG [http-bio-80-exec-1] --- BaseMessageDecoder: Successfully decoded message. [2014-07-17…
vdenotaris

17 votes, 4 answers

How do I set up a local test SAML2.0 Identity Provider?

As a Service Provider (SP) I have written a node.js service to process SAML2.0 Assertions. I would now like to test this code. I am aware that I can use various cloud-based services to act as my test Identity Provider (IdP) however these require…
biofractal

17 votes, 4 answers

SAML with Django authentication

I'm using Django and nginx hosted on AWS. I'm trying to integrate with a university for SAML authentication, using their idp. There are plenty of outdated answers on SO, but is there anything more relevant with current standards? Many of the apps…
KVISH

16 votes, 3 answers

Construct a signed SAML2 LogOut request

My aim is to implement the Single Log Out Protocol. First I am understanding how the standard works and how I can fit it in my scenario: ADFS 2.0 as IdP, for me is like a "black box" What I am doing at the moment is the next: Send an
Gaucho

16 votes, 2 answers

SAML2.0 Authentication with Node.js and SPA

I've been scratching my head for about 2 days on how to solve what seemed to be a simple task, but it's starting to drive me crazy. I have an application where users will use SAML 2.0 to authenticate. I have a react-application set up for the…
Stian Bakken

16 votes, 2 answers

Logging out using passport-saml: req.logout() or Strategy.logout(), or both?

I have a question regarding the proper way to logout a user when using passport-saml for authentication. The example script with passport-saml shows logging out as this: app.get('/logout', function(req, res){ req.logout(); …
Dave Stearns

16 votes, 1 answer

Can I provide the username to use in a SAML request? (AD FS)

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the…
joelsand

15 votes, 1 answer

What is the best SSO solution for a native mobile app which can support multiple IDPs?

In our current situation, our web-based application (SP) has already integrated SSO using Spring Security SAML extension. Our product is a SaaS and we have different clients who may have different IDPs (Identity Providers) configured at their end.…
abhilash

15 votes, 6 answers

SSO using SAML2.0 in asp.net

My requirement is to implement SSO using SAML2.0 in asp.net. I do have 2 vendors at my end. Wanna pass the user from one site to other site without logging into the second. I have never used SAML2.0 before. Can anyone help me out how can I get it…
dipa

14 votes, 2 answers

Asp.Net Core SAML Response Signature Validation

I'm working on a web application that needs to implement a SAML SSO using a third party idP (SP-initiated). I've reached the point where I am receiving the SAMLResponse from the idP which looks like this:
Jared

14 votes, 2 answers

SAML IdP - AWS Cognito/IAM as an Identity Provider

I know services such as Auth0 can act as both SAML IdPs and integrate with third party IdPs. It would seem that Cognito can only integrate with other third party IdPs as a service provider, it can actually perform the role of an IdP. The use case…
NightWolf

14 votes, 1 answer

Recipient vs Audience in SAML 2.0

Can somebody explain what is the difference between Recipient and Audience in SAML 2.0? I found only quite vague explanation from OneLogin…
Victor Ronin

14 votes, 2 answers

Including SAML2.0 token in WCF service call without using WIF

I'm trying to set up a WCF service protected by ADFS. I'm currently able to request a token and send it with the request using WIF and Thinktecture IdentityModel 4.5 with the following code: static SecurityToken GetToken() { var factory = new…
Wouter Roos

14 votes, 6 answers

How to create a signed AuthNRequest?

I am interfacing with an IDP and have a basic AuthNRequest created as follows:
gbhakta