exploring the saml 2 0 ecp profile
play

Exploring the SAML 2.0 ECP-Profile Development of a client and a - PowerPoint PPT Presentation

May 05, 2023 •208 likes •365 views

Technology programme, http://tek.hip.fi Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype Carolina Lindqvist HIP summer student at CERN carolina.lindqvist[at]cs.helsinki.fi

  1. Technology programme, http://tek.hip.fi Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype Carolina Lindqvist HIP summer student at CERN carolina.lindqvist[at]cs.helsinki.fi https://github.com/lindqvist/simple-ecp-client

  2. Technology programme, http://tek.hip.fi Enhanced Client or Proxy (ECP) The ECP Profile The ECP-client and the Service Provider Process flow Messages Demo

  3. Technology programme, http://tek.hip.fi GET https://www.example.com/resource ECP Client Service Provider Accept=text/html; application/vnd.paos+xml PAOS=ver=”urn:liberty:paos:2003-08”; ”urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp” Identity Provider

  4. Technology programme, http://tek.hip.fi SP issues AuthnRequest ECP Client Service Provider SOAP Envelope Headers: PAOS Request ECP Request Body: Identity Provider AuthnRequest

  5. Technology programme, http://tek.hip.fi ECP Client Service Provider Client forwards AuthnRequest to IdP SOAP Envelope Headers: Body: Identity Provider AuthnRequest

  6. Technology programme, http://tek.hip.fi ECP Client Service Provider The IdP asks the client to identify themselves Identity Provider

  7. Technology programme, http://tek.hip.fi ECP Client Service Provider The client provides the IdP with a username and a password. Identity Provider

  8. Technology programme, http://tek.hip.fi ECP Client Service Provider If the authentication succeeds, the IdP sends a SAML Assertion to the client. SOAP Envelope Headers: ECP Response Body: Identity Provider Response

  9. Technology programme, http://tek.hip.fi The client forwards the SAML Assertion to the response consumer (SP). ECP Client Service Provider SOAP Envelope Headers: Body: Response Identity Provider

  10. Technology programme, http://tek.hip.fi The SP will register the client's login and redirect it to the initial resource. ECP Client Service Provider Identity Provider

  11. Technology programme, http://tek.hip.fi The SAML Assertion Contains information about the authenticated user <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"> <saml2:AttributeValue xsi:type="xs:string">Tina Tester</saml2:AttributeValue> Simplifies authentication Username + password The assertion can be used with other services STS, Hydra ...

  12. Technology programme, http://tek.hip.fi Example: STS SAML Assertion ECP Client STS e.g. X509 Certificate Headers: Headers: SAML Assertion BinarySecurityToken Body: Body: RequestSecurityToken SecurityTokenResponseCollection UseKey

  13. Technology programme, http://tek.hip.fi Demonstration :)

  14. Technology programme, http://tek.hip.fi Questions? ECP? Assertion? PAOS?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent:

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent:

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent: Add an additional profile Web Browser Artifact Profile Web Browser POST Profile LECP Profile Use Case Mobile phone user accesses web

469 views • 14 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Summer Webinar Series Google&lt;-SAML-&gt;Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is

899 views • 63 slides
WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done

Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done

27 th April 2020 Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done You dont want it to look like this!!!!!!!!!!!! Exploring Pathways Personality/Interests Profile MOOCS Useful online courses

145 views • 13 slides
Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing LastN Nightly support Statistics and logging system News Atlassian has just acquired Blue Jimp, Jitsi will continue to evolve as an

795 views • 17 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited Current Document Progress Two documents : Generalised AuthnRequest Profiles Working Draft 02, 1st February 2004

239 views • 7 slides
Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL Bob Morgan University of Washington and Internet2 TERENA TF-EMC2 Florence, Italy March 2007 Trust management in SAML Trust management in SAML

566 views • 9 slides
Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About InCommon Federated security incident response Security contacts in metadata Metadata integrity Examples and statistics Open questions

463 views • 12 slides
SEISMIC EXAMPLE OF SEISMIC EXAMPLE OF MIOCENE TOE-THRUST MIOCENE TOE-THRUST EXAMPLE OF LOWER

SEISMIC EXAMPLE OF SEISMIC EXAMPLE OF MIOCENE TOE-THRUST MIOCENE TOE-THRUST EXAMPLE OF LOWER

E QUATOR E XPLORATION L IMITED E QUATOR E XPLORATION L IMITED Exploring West African Waters Exploring West African Waters Investor Presentation - June 2005 Investor Presentation - June 2005 E QUATOR CORPORATE PROFILE E QUATOR CORPORATE PROFILE

935 views • 38 slides
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007

Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007

Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication mechanisms for transfer of

324 views • 19 slides
Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel ellwag, Open Telekom Cloud Architect ,T-Systems Yue uefen eng Pan an, Senior Cloud Solutions Architect, Huawei Open Telekom Cloud 26.06.2017 1

294 views • 28 slides
The facial weak order and its lattice of quotients Aram Dermenjian Joint work with: Christophe

The facial weak order and its lattice of quotients Aram Dermenjian Joint work with: Christophe

Background Facial Weak Order Lattice and properties The facial weak order and its lattice of quotients Aram Dermenjian Joint work with: Christophe Hohlweg (LACIM) and Vincent Pilaud (CNRS &amp; LIX) Universit du Qubec Montral 13

1.1k views • 52 slides
Super-Time-Stepping P. D. Mullen UIUC Email: pmullen2@illinois.edu GitHub: pdmullen 1

Super-Time-Stepping P. D. Mullen UIUC Email: pmullen2@illinois.edu GitHub: pdmullen 1

Super-Time-Stepping P. D. Mullen UIUC Email: pmullen2@illinois.edu GitHub: pdmullen 1 &lt;latexit

355 views • 13 slides
Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation

Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation

Components with STS : a Java Imple- mentation Components with Symbolic Transition Fabrcio Fernandes, Systems: a Java Implementation Jean-Claude Royer, Robin Passama of Rendezvous Outline Introduction Fabrcio de Alexandria Fernandes

585 views • 34 slides
On strongly regular graphs attaining the claw bound M. Ma caj Comenius University,

On strongly regular graphs attaining the claw bound M. Ma caj Comenius University,

On strongly regular graphs attaining the claw bound M. Ma caj Comenius University, Bratislava, Slovakia Villanova, June 5th 2014 Strongly regular graphs A k -regular graph on n vertices is strongly regular with parame- ters ( n, k, , )

523 views • 29 slides
Deploying Information Deploying Information Agents on the Web Agents on the Web Craig A.

Deploying Information Deploying Information Agents on the Web Agents on the Web Craig A.

Deploying Information Deploying Information Agents on the Web Agents on the Web Craig A. Knoblock Knoblock Craig A. University of Southern California University of Southern California and and Fetch Technologies Fetch Technologies Craig

942 views • 77 slides
Secure Communication by Ratcheting F Bet ul Durak and Serge Vaudenay COLE POLYTECHNIQUE

Secure Communication by Ratcheting F Bet ul Durak and Serge Vaudenay COLE POLYTECHNIQUE

Secure Communication by Ratcheting F Bet ul Durak and Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE SV 2018 ratchet ASK 2018 1 / 43 Secure Communication 1 Ratcheting 2 Our Results 3 SV 2018 ratchet ASK 2018 2 / 43

926 views • 43 slides
Are C e Caste C e Categ egories M es Misl slea eading? The e Relationsh ship B p Bet

Are C e Caste C e Categ egories M es Misl slea eading? The e Relationsh ship B p Bet

Are C e Caste C e Categ egories M es Misl slea eading? The e Relationsh ship B p Bet etween een Ge Gend nder er a and nd Jat ati in T n Three ee Indian S States Shareen Joshi (Georgetown University) Nishtha Kochhar

431 views • 28 slides
STS Read-out Ele lectronics for The CBM Experiment Merve Dogan, Adrian Rodrigues Rodriguez,

STS Read-out Ele lectronics for The CBM Experiment Merve Dogan, Adrian Rodrigues Rodriguez,

C S B T M S Quality Assurance Tests of f The STS Read-out Ele lectronics for The CBM Experiment Merve Dogan, Adrian Rodrigues Rodriguez, Christian J. Schmidt 5th Matter and Technology Meeting, Jena 2019 Merve Dogan, Matter and

499 views • 13 slides

More recommend