All Questions

1 vote
1 answer
562 views

How can I fully trust a SAML IDP?

My web application is allowing SSO via SAML authentication and I am doing the development now. The idea is that this bypasses my application's local authentication and the user is automatically ...
Shumii's user avatar
  • 4,559
0 votes
1 answer
1k views

How to set up a single SAML app for all the tenants of a multi-tenant app (having different domain URLs)?

App Architecture: We have a multi-tenant setup where every tenant has its own URL. Every tenant has its own schema and configurations. Problem: We need a single SAML app that could be integrated ...
katiyarhrithik's user avatar
0 votes
1 answer
2k views

SSO using SAML with Spring Security for REST service

I have a REST service on Spring Boot and now need to add SSO using SAML into it. I'm new to SAML / Spring Security and trying to understand the main pieces which need to be added into my application. My ...
Yuri's user avatar
  • 21
0 votes
0 answers
72 views

Can SAML send assign/send the same browser id for two users who have different authentication user id's

I am not a Security Engineer, but here is the issue. Two users (A & B) live in different states. Each user logs into the network with assigned user id and passwords. One day User A logged into an ...
Daniel's user avatar
  • 13
0 votes
1 answer
2k views

Understanding Entity ID when URI is URL should I use HTTP or HTTPS

When setting up an SSO solution, in my case using Okta, there are the following elements to define: IdP Server Issuer/Entity ID - http://www.okta.com/dskjeoirueiuaksjdkfj SP Issuer/Entity ID - http:/...
Shogun's user avatar
  • 3
0 votes
1 answer
3k views

How to prevent replay attack in IDP initiated SSO using SAML2

In IDP initiated SSO, SAML response from IDP could be prone to replay attacks. Since SP has no awareness about the IDP initiated session till it gets the response, what are the possible ways to ...
Shatiz's user avatar
  • 807
0 votes
1 answer
66 views

How to ensure linking a user via SAML request is legitimate?

I am setting up basic SAML support for a web application. Each user of this application (identified by email address) can belong to multiple organisations/companies of the application. I would like to ...
docstun's user avatar
  • 90
4 votes
0 answers
774 views

Keycloak SSO with SAML via webservice call/java api

I'm currently working on a Keycloak client to authenticate the user with SAML 2.0. Instead of redirecting the user to the login page, we want to authenticate the user directly over a webservice ...
Xevak's user avatar
  • 41
2 votes
1 answer
129 views

Providing proper security for SAML service provider

I'm adding an SSO feature to my service to allow customers to log in with their AD accounts. To provide this I use the SAML component from componentpro.com. What is the correct way to perform security interaction: ...
Gil's user avatar
  • 123
1 vote
1 answer
285 views

Spring saml SSO

I have a portal application developed using Spring Security and the MVC framework. This portal application connects to an IDP (developed using Spring Security and Spring SAML) for authentication. If the user ...
Ed goo's user avatar
  • 35
0 votes
0 answers
481 views

Single Sign On : Get user name pc before authentication on Identity Provider

Well, I am new to security (SSO, SAML, etc). The scenario: We have a Web Application, and we want to catch the user name (for example the Windows user) before it has been sent to be authenticated with the ...
Ivan YC's user avatar
  • 21
2 votes
2 answers
2k views

use X509Certificate field in SAML assertion or an external cert file.

As Identity Provider we send a SAML assertion request to Service Provider and then they validate our signature in assertion using our certificate. SAML assertion contains an optional field called ...
iman's user avatar
  • 319
0 votes
1 answer
83 views

start a SAML SSO transaction from the identity provider

Consider this schema https://developers.google.com/google-apps/sso/saml_reference_implementation. User will go to the service provider and from there redirected to the identity provider. But, In my ...
Itay Moav -Malimovka's user avatar
0 votes
1 answer
317 views

SAML service provider signature verification

This is a basic question about the SAML protocol and how it specifies verification of a SAML token. Looking at different diagrams and resources, it looks like the service provider doesn't need to make ...
user1459144's user avatar
  • 2,957
1 vote
2 answers
1k views

Can SAML Assertions Be Modified In Transit?

Is there anything to stop a user modifying a SAML assertion being sent to a service provider? For example, if a SAML response identifies a user to the service provider by email address, is there ...
paulioc's user avatar
  • 53
