SAML Request - Declare Multiple Protocol Bindings -

-

I have implemented a SAML service provider to support Single Sign On for ASP.NET Web Portal, which is a Shrink-wrap software is configured on customers' sites and should be able to interact with any SAML-compliant identity provider.

My Attendance Consumer Service (ACS) page will accept SAML response through both GET and Post methods.

As I understand the SAML protocol, SAML request protocolbinding property specifies which protocols are supported for feedback I currently , My request specifies HTTP-Redirect binding. However, I would like to announce that I support both HTTP-Redirect (GET) and HTTP-POST (POST). After searching through more SAML documentation, I care about repeating, I am unable to find syntax to declare several supported protocol bindings (or it is also valid for doing so).

When I can declare this configurable, my priority will be to declare both bindings so that the identity provider works without additional configuration of my portal.

Below is a sample of my authentication request Please, if any protocol knows a way to declare both HTTP-Redirect and HTTP-POST for binding, then I appreciate your input! 

  & lt ;? Xml version = "1.0" encoding = "utf-8" & gt; & Lt; Samlp: AuthnRequest xmlns: samlp = "Kalash: oasis: Name: TC: SAML: 2.0: Protocol" id = "[AUTHN_ID]" version = "2.0" IssueInstant = "[ISSUE_INSTANT]" ProtocolBinding = "Kalash: Oasis: Names. Tc: SAML.0: Bindings: HTTP - Redirect "ProvanName =" [PROVIDER_NAME] "Assistance Consumer Service Service =" [ACS_LL] "& gt; & Lt; Saml: Issuer xmlns: saml = "Pulse: Oasis: Name: TC: SAML: 2.0: Claim" & gt; PortalEntityID & lt; / Saml: Issuer & gt; & Lt; Samlp: Allow NameIDPolicyPlease = "true" format = "vase: oasis: name: tc: SAML: 1.1: named-format: unspecified" /> & lt; / Samlp: AuthnRequest & gt;

Thanks in advance to anyone who can help!

After the

ProtocolBadding attribute on AuthnRequest is used to specify the binding required by its IDAP when its SAML Response XML is sent due to possible length restrictions on URL QuickString HTTP-Redirect is not a valid option to use here; A SAML response, especially if it is signed, it can be too long. I will be quote from SAML Imagery [SAMLProf]:

... Issuer Issuer Issues & lt; Response & gt; Message Service Providers can be used to transfer messages to the service provider through either the HTTP POST or HTTP artifact binding user agent to distribute the user agent. The message may point to an error, or it will contain a claim of (at least) authentication. HTTP redirection binding should not be used, as the response typically will exceed the URL length allowed by most user agents.

Comments

Post a Comment

Popular posts from this blog

c# - How to capture HTTP packet with SharpPcap -

-
I would like to capture all incoming HTTP packets on my machine. To do this, I am using SharpPcap which is a WinPcap The cover is. SharpPcap works very well, but it captures TCP packets and what it wants to do for me is a very low level. Does anyone know how can I easily get full HTTP requests / reactions from all these TCP packets? Thanks SharpPcap is already able to capture the packet in the same way That's what the virus does (just in the code instead of the GUI). And you can either either parse them directly or you can put them in the drive in the common .pcap file format. The steps to parse the capture are: Open a connection at any time Loop a while Or start capturing using an event callback Parsing the raw packet for the type you want If you are reading .PPP dump files In addition to calling you an offline capture reader is almost the same, there is no need to select an interface, and you can set the majority There is no need to do the modes. All st...
Read more

php - Multiple Select with Explode: only returns the word "Array" -

-
By using Wordpress I have created a multiple selection box so that users can select categories to exclude. When the page is initially loaded, I see my predefined default option. However, when I select a new value and I save ... I only see the word "Array" and have not chosen anything else? & lt; Class = "amultiple" id = "& lt; php echo $ value ['id'] ;? gt;" name = "& gt; php echo $ value ['id'] ;; gt; []" Multiple = "multiple" size = "8" & gt; & Lt ;? Php global option; Foreign currency ($ value as value $) {if (get_settings ($ value ['id']) === FALSE {$$ value ['id'] = $ value ['std']; } And {$$ value ['id'] = get_settings ($ value ['id']); }} $ Ranges = & amp; Amp; Categories ('type = post & orderbiz = name & amp; hide_empty = 1'); If ($ ranges) {$ ex_cat = implode (',', $ tt_cat_exclude); Forex Currency ($ range a...
Read more

php - jQuery AJAX Post not working -

-
I do not understand why this script does not work. It has something to do within AJAX PostScript / Function. Right now, when I submit my form, it runs php code on the same page. What it should do, send the values ​​of the form for Project_Azax.fp, then there will be a refund of success on the page which is correct or false. $ (document) .ready (function () {$ ('div # didIt'). Hide (); $ ('form [name = adminForm]'). Submit (function () ($ {'.post' ('/ project_ajax.php', {action: $ ('[name = action]') Val (), pId: $ ('[name = pId]'). Val (), name ('[Name = name]'. Val (), url: $ ('[url = url]'). Val (), summary: ('[summary = summary]'). Val ()}, Function (data) {if (data.success) {$ ('div # didIt') .Sliddown ('slow');} and {warning ('unsuccessful SA!');}}, 'Jason'); return false ;});}); What is the code for project_ajax.php below ... if ($ _ POST ['action'] == ...
Read more