syncope-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: [DISCUSS] SAML 2.0 Service Provider feature
Date Tue, 07 Mar 2017 11:08:02 GMT
Hi Francesco
On 07/03/17 11:00, Francesco Chicchiriccò wrote:
> On 07/03/2017 11:56, Sergey Beryozkin wrote:
>> Hi Francesco
>>
>> Not sure if it can be relevant for this work but at the CXF level we
>> have this SAML SP support:
>>
>> http://cxf.apache.org/docs/saml-web-sso.html,
>>
>> something Colm and myself worked upon earlier on.
>
> Thanks for the pointer, Sergey: I did already find it, though.
>
> This does not completely fit in our scenario since here the idea is to
> split the responsibilities in two: from one side the front-end
> web-fragment takes care of the SAML exchange, from the other side the
> Syncope core (e.g. the CXF application) works as back-end for the
> effective SAML assertion validation and generation.
>
> I'll look at the provided page and related implementation, anyway, thank
> you very much indeed.
>
Thanks, right, what that CXF module offers is an ability to redirect the
users to the SAML2 IDP and validate the SAML assertions when the user is
returned from there and make sure the security session is set.

> FYI, this class
>
> https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
>
>
> has been already extremely useful to me, since OpenSAML 3 documentation
> is practically absent.

I believe we also use those utils or maybe other OpenSAML-related code;
Colm would know more about it.

If that module does not quite work for Syncope then it is fine :-), just
wanted to make sure you are aware of it.

Cheers, Sergey
>
> Regards.
>
>> On 07/03/17 10:49, Francesco Chicchiriccò wrote:
>>> Hi all,
>>> I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.
>>>
>>> I am already working on it, and it should be ready on time for Syncope
>>> 2.0.3.
>>>
>>> The idea is to embed the whole implementation in a PR, with option of
>>> further discussing before merge.
>>>
>>> Also, I would like to include, in the 2.0.3 release notes, a public
>>> "thank you" statement to the University of Helsinki similar to the one
>>> we made for 1.1.0 [2].
>>>
>>> WDYT?
>>> Regards.
>>>
>>> [1]
>>> https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
>>>
>>> [2]
>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)
>>>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/
