
Exploring the SAML 2.0 ECP-Profile: Development of a client and a service provider prototype



  1. Technology programme, http://tek.hip.fi. Exploring the SAML 2.0 ECP-Profile: Development of a client and a service provider prototype. Carolina Lindqvist, HIP summer student at CERN, carolina.lindqvist[at]cs.helsinki.fi, https://github.com/lindqvist/simple-ecp-client

  2. Enhanced Client or Proxy (ECP): the ECP profile; the ECP client and the Service Provider; process flow; messages; demo.

  3. The ECP client sends GET https://www.example.com/resource to the Service Provider with the headers Accept=text/html; application/vnd.paos+xml and PAOS=ver="urn:liberty:paos:2003-08"; "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp". (Diagram actors on slides 3-10: ECP Client, Service Provider, Identity Provider.)

  4. The SP issues an AuthnRequest: a SOAP envelope whose headers are a PAOS Request and an ECP Request and whose body is the AuthnRequest.

  5. The client forwards the AuthnRequest to the IdP: a SOAP envelope with no headers and the AuthnRequest in the body.

  6. The IdP asks the client to identify itself.

  7. The client provides the IdP with a username and a password.

  8. If the authentication succeeds, the IdP sends a SAML Assertion to the client: a SOAP envelope with an ECP Response header and the Response in the body.

  9. The client forwards the SAML Assertion to the response consumer (SP): a SOAP envelope with no headers and the Response in the body.

  10. The SP registers the client's login and redirects it to the initial resource.
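The client side of slides 3-10, as an added Python example that is neither the talk's code nor the simple-ecp-client repository: it turns the SP's PAOS envelope into the envelope forwarded to the IdP, and forwards the IdP's Response to the SP only after checking that the IdP's AssertionConsumerServiceURL equals the SP's responseConsumerURL, as the ECP profile requires (a mismatch gets a SOAP Fault instead of the assertion). The sample envelopes and URLs are constructed; HTTP transport, the password step and the RelayState/paos:Response headers are left out.

```python
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/", "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"}
ET.register_namespace("S", NS["S"])

# Constructed sample messages (not captured from a real SP or IdP); URLs are placeholders.
SP_ENVELOPE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header>
  <paos:Request xmlns:paos="urn:liberty:paos:2003-08" S:mustUnderstand="1"
   service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
   responseConsumerURL="https://www.example.com/sp/ecp"/>
  <ecp:Request xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" S:mustUnderstand="1"/>
 </S:Header>
 <S:Body><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_req1" Version="2.0"/></S:Body>
</S:Envelope>"""
IDP_ENVELOPE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header>
  <ecp:Response xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" S:mustUnderstand="1"
   AssertionConsumerServiceURL="https://www.example.com/sp/ecp"/>
 </S:Header>
 <S:Body><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_resp1" Version="2.0">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1"/></samlp:Response></S:Body>
</S:Envelope>"""

def new_envelope(body_child):
    # Wrap one element in a fresh SOAP envelope with no headers (slides 5 and 9).
    env = ET.Element(f"{{{NS['S']}}}Envelope")
    ET.SubElement(env, f"{{{NS['S']}}}Body").append(body_child)
    return ET.tostring(env, encoding="unicode")

def envelope_for_idp(sp_envelope):
    # Slides 4-5: remember where the SP wants the answer, drop the PAOS/ECP
    # headers and forward only the AuthnRequest body to the IdP.
    env = ET.fromstring(sp_envelope)
    rcu = env.find("S:Header/paos:Request", NS).get("responseConsumerURL")
    return rcu, new_envelope(env.find("S:Body", NS)[0])

def envelope_for_sp(idp_envelope, response_consumer_url):
    # Slides 8-9: deliver the Response only if the IdP's AssertionConsumerServiceURL
    # equals the SP's responseConsumerURL; otherwise the profile says the client
    # must send the SP a SOAP Fault and withhold the assertion.
    env = ET.fromstring(idp_envelope)
    acs = env.find("S:Header/ecp:Response", NS).get("AssertionConsumerServiceURL")
    if acs != response_consumer_url:
        fault = ET.Element(f"{{{NS['S']}}}Fault")
        ET.SubElement(fault, "faultcode").text = "S:Client"
        ET.SubElement(fault, "faultstring").text = "ACS URL mismatch"
        return False, new_envelope(fault)
    return True, new_envelope(env.find("S:Body", NS)[0])
```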

  11. The SAML Assertion contains information about the authenticated user, e.g. <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"><saml2:AttributeValue xsi:type="xs:string">Tina Tester</saml2:AttributeValue></saml2:Attribute>. It simplifies authentication (username + password), and the assertion can be used with other services: STS, Hydra, ...

  12. Example: STS. The ECP client sends the STS its SAML Assertion (headers: SAML Assertion; body: RequestSecurityToken, UseKey) and the STS returns e.g. an X509 certificate (headers: BinarySecurityToken; body: SecurityTokenResponseCollection).

  13. Demonstration :)

  14. Questions? ECP? Assertion? PAOS?
