Questions tagged [saml-2.0]

Security Assertion Markup Language 2.0 (SAML 2.0) is a standard providing means to exchange authentication and authorization data between security domains. It is typically used to achieve cross-domain single sign-on (SSO) and creation of security tokens.

1
vote
1answer
8 views

SAML2 Set AuthMode to active later on the app

I'm using https://github.com/Sustainsys/Saml2 library for our app SAML2 SSO. I would like to set the AuthMode to active later on the app, the reason behind this is not all of our clients use SAML2 so ...
0
votes
1answer
23 views

Sustainsys Saml2 library for ASP.NET MVC with FormsAuthentication

I have integrated Sustainsys Saml2 library with my ASP.NET MVC 5 website. I am able to get the SSO Login done by OneLogin, but when I am trying to redirect to my [Authorize] pages (Dashboard), always ...
0
votes
1answer
19 views

AWS Federated User - multiple aws accounts?

I'm not sure whether or not this is possible. We have a couple of different Amazon Web Service Accounts, in this case let us just call them: Test environment 1 Test environment 2 Production environment ...
0
votes
0answers
29 views

SAML 2 - openSAML - Sign and Encrypt Assertion

We are the IDP and we implemented SAML 2 using openSAML 3.2 library. We are integrating with one of our SPs and it works fine if we sign the assertion and encryption is disabled on our side. If we ...
0
votes
1answer
12 views

Kentor/Sustainsys redirects back to SP after receiving LogoutResponse from IDP

In my application Kentor v.21 single logout works fine for different IDP-s. However one particular IDP after logging out sends the LogoutResponse back to SP. In SP log I see the line: Received logout ...
0
votes
0answers
7 views

Single sign on using Owin.Security.Saml in Asp.net MVC

We need to integrate single sign on using Owin.Security.saml in Asp.net Mvc. Please help us with this. Currently we have login with normal and social media, but also need single sign on with intranet ...
0
votes
0answers
38 views

How to authenticate a user against multiple microservices?

I have 2 Spring Boot applications that are accessed by the same Angular client. I use Azure AD SAML 2.0 for authentication; however, when I use an end point in one of the services and go back to the ...
0
votes
1answer
13 views

How to set WantAuthnRequestsSigned=“true” in saml app in Okta

I am creating a SAML 2.0 app in OKTA developer account, after creation when I go look at IdentityProvider metadata I always see WantAuthnRequestsSigned="false" how can I set it to ...
0
votes
0answers
9 views

Issue with Saml and Spring Security delegateBuilder cannot be null

I have implemented the saml2.0 Security and spring security for the existing code using kristophjunge/test-saml-idp docker (https://hub.docker.com/r/kristophjunge/test-saml-idp/). Facing issue with ...
0
votes
0answers
20 views

No Saml2 Response found in the http request

Can someone explain why 1 scenario is working as expected but another one is not? I am getting an error when redirecting from IDP after authentication. Exception: No Saml2 Response found in the http ...
0
votes
1answer
25 views

Assume role from aws cli with SAML

I'm trying to generate aws credentials using aws sts assume-role-with-saml from this documentation. However, I'm getting errors and I don't really understand the flow. Normally I've a main account ...
0
votes
0answers
23 views

Getting error when accessing the spinnaker from AWS SSO

I have deployed spinnaker on kubernetes with helm charts and configured AWS SSO. While accessing the application, I'm getting below error. {"error":"Internal Server Error","exception":"java.lang....
0
votes
0answers
21 views

Silent SAML Authentication using Auth0 as Identity Provider

What I'm trying to do is a Silent Authentication with Auth0 as Identity Provider using SAML 2.0 protocol. I don't want to use the Auth0 SDK because the purpose of the Server Provider is to be able to ...
0
votes
0answers
48 views

Trying to Implement SAML 2.0 with ColdFusion 11

Message Could not find a resolver for URI 57B9D321-DB61-06DF-FCD55B10E90EC81F and Base RootCause Cause Message Could not find a resolver for URI 57B9D321-DB61-06DF-FCD55B10E90EC81F and ...
0
votes
0answers
10 views

Google 400 error no saml message present in request

I am trying to set up my G-Suite account to behave as an SSO solution to access another web app supporting authentication through SAML2. However, when trying to use the SSO Service URL provided I ...
0
votes
0answers
7 views

my mvc application is getting logout after some time [30m] of inactivity and when I click on any link of site

My mvc application is getting logout after some time [30m] of inactivity and when I click on any link of site. When I checked, Request.IsAuthenticated is coming as false. I am using pingidentity as ...
0
votes
0answers
13 views

What G-Suite URLs can accept a SAML assertion?

We're in a bit of a bind: we have a customer that has configured an Identity provider to provide single-sign-on to G-Suite via SAML and they've configured the IdP to send the SAML assertions (the ...
0
votes
1answer
13 views

I have a question on SAML session management and Single Logout Option (SLO)

I am new to SAML, and I have gone through the specs once. My question is: if I logged on through two machines or two different browsers (e.g. Firefox and Chrome) on the same machine, does SAML create ...
1
vote
0answers
21 views

Integrating with Google SSO SAML

I am trying to integrate Google SSO with an application. During the Google wizard to create the application it provides an SSO Url in the form of but I can't find much documentation about how to use ...
0
votes
0answers
15 views

How to send certificate in samlResponse

I'm trying to implement a SAML login with Passport JS and in my config file I've set the path, entry point, issuer, entityID, and certification. But for some reason, when I check the SAML response ...
0
votes
0answers
6 views

apache SSO/SAML2 with auth_mod_mellon - endpoints

I'm trying to implement a SSO saml2 on an Angular 4 application and I'm a little bit stumped about the minimal requirements for it to work, precisely with the part about the endpoints : Practically ...
0
votes
1answer
27 views

Java SAML2 SSO client

I want to connect to a SAML2 SSO identity provider with java so that I can then connect to some web endpoints and make authenticated requests. I looked at the Java libraries at https://github.com/...
1
vote
0answers
30 views
+50

OneLogin php saml - Issues with SAML response

I have integrated OneLogin using php-saml to connect to our idp service. In our staging environment, everything works fine with the setup we are using. I am running into an issue using those same ...
0
votes
0answers
36 views

How to implement SAML authentication process?

I have a web application, which is hosted on azure. It has token based authentication system and custom role based authorization. Now I want to redirect into this application via some other ...
1
vote
1answer
58 views

Spring SAML: SAML message intended destination endpoint did not match recipient endpoint

I am getting 'Caused by: org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint' exception while SSO between my app SP and client IdP. ...
1
vote
0answers
40 views

Desktop application accessing AWS with Azure AD federation SSO

I have a desktop application that has the ability to access AWS S3 buckets. Our enterprise uses Azure AD for user management. What we would like to accomplish is to Authenticate users in our ...
0
votes
1answer
18 views

Signing SAML2 AuthnRequest with ECDSA-SHA256 in LightSAML SP Bundle

In IdP definition that the bundle uses, among other things, to generate AuthnRequest: HOW/WHERE do I specify that I want the AuthnRequest signed e.g. with ECDSA-SHA256? Do I have to override a ...
0
votes
1answer
8 views

Sign SAML messages - LightSAML SPBundle Configuration

In the bundle - what configuration or service override do I have to perform for the library to sign SAML messages before sending?
0
votes
2answers
17 views

How to capture the SAML response of a request in which hidden SAML POST is present?

I would like to capture the SAML Response from a URL request made which uses hidden SAML authentication. I am able to see the response in Fiddler but how to save it for further analysis. Post the ...
0
votes
1answer
17 views

OneLogin SAML2 Invalid Schema

I am in the process of integrating OneLogin for SAML2 authentication. I have this working just fine in our QA servers but my production environment is throwing an error. Warning: DOMDocument::...
2
votes
0answers
51 views

Spring SAML: SAMLException: Unsupported request

I am getting Caused by: org.opensaml.common.SAMLException: Unsupported request at org.springframework.security.saml.processor.SAMLProcessorImpl.getBinding(SAMLProcessorImpl.java:265) ~[spring-...
0
votes
1answer
28 views

Configure UAA cloudfoundry using uaa.yml

I try to use only UAA service without cf, and other services. Using Quick Start I've installed UAA service at vmware vSphere virtual machine with Cent OS 7. I set hostname to vm. I run it using: ...
0
votes
1answer
31 views

Spring Security SAML Service Provider Metadata Generation

Hello Spring Security SAML pros and enthusiasts alike, For instance, Service Provider metadata generation yields something like <md:AssertionConsumerService Location="http://localhost:8080/<...
0
votes
0answers
12 views

onelogin saml IDP connector configuration

Hi, I have onelogin trial account and tried out configuring multiple given saml idp connectors. SP based authentication works with all connectors, but I am unable to set the users assigned groups ...
0
votes
0answers
8 views

passport-saml issues with auth0

I am trying to implement a SAML authentication process in our application. Please correct me if I am wrong. The service provider is our application, we are going to use the IDP which is in our case ...
0
votes
0answers
33 views

Moving between sites (https) using SAML SSO using Sustainsys.Saml2 library

I am implementing Single sign-on through SAML2 using “Sustainsys.SAML” library . I have 2 .NET web application running in same machine using https. These 2 application are standard ASP.NET based ...
0
votes
1answer
31 views

How can I get roles or groups from Azure SAML 2.0 Application in Spring Boot

I have a spring boot application where I need to limit access for specific endpoints. So far I can authenticate against Azure using SAML 2.0. This is the main configuration of the authentication in ...
0
votes
0answers
36 views

How to fetch SAML Assertion from ADFS for AWS STS in Java

I need to fetch temporary credentials from AWS STS. Using below AWS SDK api: AssumeRoleWithSAMLRequest samlreq =new AssumeRoleWithSAMLRequest().withPrincipalArn(principalARN).withRoleArn(roleARN)....
0
votes
0answers
13 views

Spring SAML2 failing with authentication failure when using with layer 7 reverse proxy

I have an Angular web app configured with SSO. It checks for the in active session and routes it to a Spring Saml2 microservice. Both web app and microservice are behind layer 7 reverse proxy since it ...
0
votes
1answer
32 views

OneLogin Signed Authnrequest HTTP-Redirect Method

From what I have found OneLogin test connectors by default do not require a signed Authnrequest. The Authnrequest made with HTTP-Redirect works fine without a signature. I am able to authenticate my ...
1
vote
1answer
42 views

Dynamically add a SAML2 authentication provider using Sustainsys.Saml2 in ASP.NET Core

I'm trying to dynamically add a SAML2 authentication scheme using IAuthenticationSchemeProvider in ASP.NET Core and the Sustainsys.Saml2 library: schemeProvider.AddScheme(new AuthenticationScheme("...
0
votes
1answer
19 views

Can I set the email address from SP to Idp request?

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider the username/email address to set as a default on login screen? I'd like that ...
0
votes
1answer
33 views

How can I enable SSO strict mode if the issuer and identity provider ID are different?

I am working in a project that I recently inherited to make it production ready. One of the tasks is to enable strict mode for SSO, however once I do this it immediately fails. I am utilizing the '...
0
votes
0answers
25 views

403 forbidden error after request coming from SAML endpoint to redirect URL in Keycloak

The SAML endpoint is http://host.port:8027/saml. The main application has tomcat and the adapter is all set. So, after logging with the user credentials on Keycloak login page, the request is going ...
0
votes
0answers
13 views

AWS AD-FS + SAML with MFA Support

We have been able to set up AD FS with SAML for our AWS accounts, as outlined here and also here, but have had the added request to implement MFA on top of this. I am at a loss as I have not seen any ...
0
votes
1answer
34 views

Trying to implement multiple ACS support with OneLogin

We are trying to implement SSO, using OneLogin as the IdP with our Cisco Call Manager cluster using a single agreement for all the servers in the cluster. This just basically means that our metadata ...
0
votes
0answers
15 views

For SSO, how to know the client machine is in within the domain or not

I have implemented sso using saml for ADFS for web application. To display the ADFS login page the client machine should be in the same network. How to know whether the client machine is within the ...
0
votes
0answers
34 views

SimpleSamlPhp - Idp initiated use laravel and library

I am using the laravel library (5.5) and simplesamlphp library (1.16) to start an idp initiated saml process. When a user logs into my laravel application they have the ability to click on a link to ...
0
votes
0answers
48 views

SAML2 exception inresponsetofield of the response doesn't correspond to sent message

We use 'spring-security-saml2-core:1.0.4.RELEASE' to implement SSO. But in one case, we will get this error:'InResponseToField of the Response doesn't correspond to sent message ...
0
votes
1answer
31 views

Azure B2C - Assertion not signed. Policy requires signed assertions

Looking for some help with custom policies on Azure B2C tenant. I've followed the steps on this site https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-...
