exploring the saml 2 0 ecp profile
play

Exploring the SAML 2.0 ECP-Profile Development of a client and a - PowerPoint PPT Presentation

May 05, 2023 •208 likes •365 views

Technology programme, http://tek.hip.fi Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype Carolina Lindqvist HIP summer student at CERN carolina.lindqvist[at]cs.helsinki.fi

  1. Technology programme, http://tek.hip.fi Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype Carolina Lindqvist HIP summer student at CERN carolina.lindqvist[at]cs.helsinki.fi https://github.com/lindqvist/simple-ecp-client

  2. Technology programme, http://tek.hip.fi Enhanced Client or Proxy (ECP) The ECP Profile The ECP-client and the Service Provider Process flow Messages Demo

  3. Technology programme, http://tek.hip.fi GET https://www.example.com/resource ECP Client Service Provider Accept=text/html; application/vnd.paos+xml PAOS=ver=”urn:liberty:paos:2003-08”; ”urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp” Identity Provider

  4. Technology programme, http://tek.hip.fi SP issues AuthnRequest ECP Client Service Provider SOAP Envelope Headers: PAOS Request ECP Request Body: Identity Provider AuthnRequest

  5. Technology programme, http://tek.hip.fi ECP Client Service Provider Client forwards AuthnRequest to IdP SOAP Envelope Headers: Body: Identity Provider AuthnRequest

  6. Technology programme, http://tek.hip.fi ECP Client Service Provider The IdP asks the client to identify themselves Identity Provider

  7. Technology programme, http://tek.hip.fi ECP Client Service Provider The client provides the IdP with a username and a password. Identity Provider

  8. Technology programme, http://tek.hip.fi ECP Client Service Provider If the authentication succeeds, the IdP sends a SAML Assertion to the client. SOAP Envelope Headers: ECP Response Body: Identity Provider Response

  9. Technology programme, http://tek.hip.fi The client forwards the SAML Assertion to the response consumer (SP). ECP Client Service Provider SOAP Envelope Headers: Body: Response Identity Provider

  10. Technology programme, http://tek.hip.fi The SP will register the client's login and redirect it to the initial resource. ECP Client Service Provider Identity Provider

  11. Technology programme, http://tek.hip.fi The SAML Assertion Contains information about the authenticated user <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"> <saml2:AttributeValue xsi:type="xs:string">Tina Tester</saml2:AttributeValue> Simplifies authentication Username + password The assertion can be used with other services STS, Hydra ...

  12. Technology programme, http://tek.hip.fi Example: STS SAML Assertion ECP Client STS e.g. X509 Certificate Headers: Headers: SAML Assertion BinarySecurityToken Body: Body: RequestSecurityToken SecurityTokenResponseCollection UseKey

  13. Technology programme, http://tek.hip.fi Demonstration :)

  14. Technology programme, http://tek.hip.fi Questions? ECP? Assertion? PAOS?

Recommend

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent:

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent:

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent: Add an additional profile Web Browser Artifact Profile Web Browser POST Profile LECP Profile Use Case Mobile phone user accesses web

469 views • 14 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter &lt;stefan.winter@restena.lu&gt; 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Summer Webinar Series Google&lt;-SAML-&gt;Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google&lt;-SAML-&gt;Zscaler Integration Agenda n What is

899 views • 63 slides
WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done

Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done

27 th April 2020 Making the most of Unifrog First Steps Exploring Pathways Recording What Youve Done You dont want it to look like this!!!!!!!!!!!! Exploring Pathways Personality/Interests Profile MOOCS Useful online courses

145 views • 13 slides
Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing LastN Nightly support Statistics and logging system News Atlassian has just acquired Blue Jimp, Jitsi will continue to evolve as an

795 views • 17 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos &amp; SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited Current Document Progress Two documents : Generalised AuthnRequest Profiles Working Draft 02, 1st February 2004

239 views • 7 slides
Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL Bob Morgan University of Washington and Internet2 TERENA TF-EMC2 Florence, Italy March 2007 Trust management in SAML Trust management in SAML

566 views • 9 slides
Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About InCommon Federated security incident response Security contacts in metadata Metadata integrity Examples and statistics Open questions

463 views • 12 slides
SEISMIC EXAMPLE OF SEISMIC EXAMPLE OF MIOCENE TOE-THRUST MIOCENE TOE-THRUST EXAMPLE OF LOWER

SEISMIC EXAMPLE OF SEISMIC EXAMPLE OF MIOCENE TOE-THRUST MIOCENE TOE-THRUST EXAMPLE OF LOWER

E QUATOR E XPLORATION L IMITED E QUATOR E XPLORATION L IMITED Exploring West African Waters Exploring West African Waters Investor Presentation - June 2005 Investor Presentation - June 2005 E QUATOR CORPORATE PROFILE E QUATOR CORPORATE PROFILE

935 views • 38 slides
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007

Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007

Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication mechanisms for transfer of

324 views • 19 slides
Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel

Keystone and SAML in multi-tenant environments Two concepts get together Alex Alex Stel ellwag, Open Telekom Cloud Architect ,T-Systems Yue uefen eng Pan an, Senior Cloud Solutions Architect, Huawei Open Telekom Cloud 26.06.2017 1

294 views • 28 slides
SimpleSAMLphp EuroCAMP 2010 Olav Morken olav.morken@uninett.no SimpleSAMLphp Mainly a SAML

SimpleSAMLphp EuroCAMP 2010 Olav Morken olav.morken@uninett.no SimpleSAMLphp Mainly a SAML

SimpleSAMLphp EuroCAMP 2010 Olav Morken olav.morken@uninett.no SimpleSAMLphp Mainly a SAML 2.0 Service Provider and Identity Provider 2 Targets the SP lite and IdP lite profiles (with some limitations) Written entirely in PHP

713 views • 29 slides
Enabling SAML 2.0 in a wiki Anders Lund (UNINETT) Andreas kre Solberg (UNINETT) Software used

Enabling SAML 2.0 in a wiki Anders Lund (UNINETT) Andreas kre Solberg (UNINETT) Software used

Enabling SAML 2.0 in a wiki Anders Lund (UNINETT) Andreas kre Solberg (UNINETT) Software used - Dokuwiki http://wiki.splitbrain.org/wiki:dokuwiki - OpenSSO PHP Extension (lightbulb) https://lightbulb.dev.java.net/ Dokuwiki Pluggable

314 views • 15 slides
Creating The Perfect Giving Day Profile How to develop an engaging and eye catching profile to

Creating The Perfect Giving Day Profile How to develop an engaging and eye catching profile to

Creating The Perfect Giving Day Profile How to develop an engaging and eye catching profile to share with your supporters Getting Ready Define Your Goals What do you want people to feel when they view your profile? What do you

800 views • 22 slides
Exploring the Effects of Socioeconomic Exploring the Effects of Socioeconomic and Demographic

Exploring the Effects of Socioeconomic Exploring the Effects of Socioeconomic and Demographic

Exploring the Effects of Socioeconomic Exploring the Effects of Socioeconomic and Demographic Variables on Household Expenditures Expenditures Consumer Expenditure Survey Program Data Users Needs Forum B Bureau of Labor Statistics f L b

580 views • 11 slides
Users' consent - simple as SAML David Simonsen = FED. C FED. (USA) FD. FED. r o

Users' consent - simple as SAML David Simonsen = FED. C FED. (USA) FD. FED. r o

Users' consent - simple as SAML David Simonsen = FED. C FED. (USA) FD. FED. r o Kalmar Kalmar FED. Kalmar s s f e d FED. g e e d g e w l d n o w l e K o e K n g e e d w l n o K r FED. a e n g

480 views • 21 slides
60 Trillion ACTIVITY Go to Mormon.org. Start a profile or add something new to your profile.

60 Trillion ACTIVITY Go to Mormon.org. Start a profile or add something new to your profile.

The estimated size of Googles index of Individual Web Pages is over 60 Trillion ACTIVITY Go to Mormon.org. Start a profile or add something new to your profile. You have 3 minutes! Go! FOLLOW-UP What did you write? What else could you

282 views • 25 slides
EXPLORE ARIZONA THROUGH DATA FOCUS ON STUDENT DATA OVERVIEW WELCOME! EXPLORING DATA

EXPLORE ARIZONA THROUGH DATA FOCUS ON STUDENT DATA OVERVIEW WELCOME! EXPLORING DATA

EXPLORE ARIZONA THROUGH DATA FOCUS ON STUDENT DATA OVERVIEW WELCOME! EXPLORING DATA LITERACY EXPLORING INTERACTIVE FACT BOOK EXPLORING STUDENT RETENTION &amp; GRADUATION DATA EXPLORING CURRICULAR FLOW DATA CONCLUSION 2 A

994 views • 72 slides
Applicant Profile (all applications): Breadcrumbs across the top are always visible.

Applicant Profile (all applications): Breadcrumbs across the top are always visible.

Applicant Profile (all applications): Breadcrumbs across the top are always visible. Profile will pre-fill from previous entry. Profile is always editable. If applicants need to change their name, email, or address they

259 views • 15 slides

More recommend