Questions tagged [saml]

An open Single Sign-On (SSO) solution for the web, a problem also addressed by OpenID.

142 questions
4
votes
1 answer

How does the "Service Identity" feature of Azure ACS compare (and contrast) to a real IDP?

It appears that the ACS has IDP-style features within the "Service Identities" section. How does the ACS treat these in comparison to a real IDP? What is missing? Some examples I'm thinking of include: Account Lockout, Auditing, Token Replay, etc.…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
4
votes
1 answer

Why is SAML still used for enterprise SSO instead of OIDC?

I'm trying to wrap my head around the difference between SAML, OIDC, and OAuth. Is the only reason SAML is the most popular choice for enterprise SSO that it's been around much longer? Is it expected to eventually be replaced by OIDC and OAuth for SSO, OR…
user1028270
  • 155
  • 6
4
votes
1 answer

Why sign SAML authentication requests

In SAML, signing or encrypting the assertions seems to be essential, but I'm not finding much information describing any benefits or drawbacks of signing the authentication request in real world "practical" scenarios. Security and Privacy…
AndOs
  • 141
  • 2
4
votes
2 answers

HTTP Response to a SAMLResponse POST by user agent

Looking at RFC2616, is it acceptable to return an HTTP 200 (page load) as a response to a SAMLResponse post to the SP? i.e. the user-agent loads a page instead of redirecting via a 302 / 303? Looking for clarity on 3.4.5 here…
Brett
  • 143
  • 6
4
votes
1 answer

SAML assertion encryption and using same key for encryption as signing

I am working with a company that has a product that supports SAML-based authentication. We do not facilitate just-in-time federation and only accept the user identifier in assertion responses (the user must already exist in the system). If we are…
Cyassin
  • 503
  • 2
  • 6
  • 12
4
votes
2 answers

Does SAML 2.0 define how to pass only username from SP to IDP?

I am looking at a use case where the service provider will need to capture the user id (not password) to identify the target IDP. In this case, the requirement is to send the user id (that is already captured at service provider end) to IDP, so that…
4
votes
1 answer

SAML token and service calls

I am working on a tablet application and have come across an interesting issue. We have a domain joined tablet that runs a Windows Store Application. We already have user identity and we need to call a web service endpoint that is secured with…
3
votes
0 answers

Can a service provider communicate directly with an identity provider?

I'm making an authentication server that will act as an identity provider for my service. Looking at the typical SAML use case, the service provider will redirect the principal to the identity provider. In my case however, is it ok for the service…
user2066880
  • 131
  • 2
3
votes
1 answer

SAML and OpenID, centralized and decentralized

I'm learning SAML, which is said to be centralized. To understand the difference with decentralized, I'm reading about OpenID. I find it difficult to understand the difference between the two, regarding centralization. OpenID is said to be…
Stefan Rasmusson
  • 426
  • 2
  • 11
3
votes
1 answer

SAML for transporting authorization information

I'm thinking of using SAML for sending authentication and authorization information to a system. I plan to send roles and other information as authentication attributes in the assertion. Does this sound like a good idea, or do I have to look into using…
Stefan Rasmusson
  • 426
  • 2
  • 11
3
votes
0 answers

Are the default Azure AD Authentication Certificates global?

When authenticating against an AzureAD instance (using WS-Federation and SAML 2 tokens) the relying/authenticating application requests authentication metadata from a fixed URL on the auth servers, that metadata contains multiple X509 certificates…
redcalx
  • 133
  • 4
3
votes
1 answer

SHA1 signature in a SAML request

I'm currently looking at the security of a KeyCloak implementation, which in turn uses a SAML 2.0 identity provider. I'm not too familiar with SAML, but during the authentication, the sent SAMLRequest states…
GarlicCheese
  • 129
  • 1
  • 11
3
votes
0 answers

SAML - when creating new users, how do I get essential fields?

My company runs a SaaS product; as we move into enterprise customers, we're getting more and more requests for SSO. I understand the SAML workflow for authentication, and roughly how we'd implement it. I also get that we could allow companies to…
fridgepolice
  • 183
  • 5
3
votes
0 answers

Voting w/ SAML + BlockChain

There are a few grassroots initiatives to introduce blockchain as a ledger for election voting. My criticism of the ones I have seen, at the time I saw them, is that they did not adequately address the paradox of anonymity vs identity. Our election…
3
votes
0 answers

SAML 2 | Refresh IdP Session when user is working on SP

Wanted to discuss the solution and options to refresh the IdP session when the user is actively working on the SP. The use case is that after successful SP-initiated SSO, there are two sessions in the picture: the IdP (SSO) session and the SP session. When the user is…
Manchanda. P
  • 69
  • 1
  • 4