Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-31 Thread Francesco Chicchiriccò

After discussing with Colm on IRC, I went ahead and merged the PR.
Regards.

On 30/03/2017 14:30, Francesco Chicchiriccò wrote:

On 30/03/2017 11:42, Colm O hEigeartaigh wrote:

Hi Francesco,

Good work!


Thanks sir :-)


A few questions for you:

a) Is there any documentation available on how to set this up for a Syncope
deployment? I'll give it a try once there is.


There is something in the (updated) reference guide:

https://github.com/Tirasa/syncopeSAML2SP/blob/SYNCOPE-1041/src/main/asciidoc/reference-guide/concepts/extensions.adoc#saml-20-service-provider 



Essentially, you need to download the IdP metadata into one XML file, 
then go into Admin Console > Extensions > SAML 2.0 and import.


Then, edit the created IdP entry to set the appropriate mapping; I 
have been using:


* username -> uid for TestShib
* email -> EmailAddress for SSO Circle

Now download SP metadata from the second tab from the same page: 
please be aware to access the Syncope deployment with some FQDN and 
localhost, so that metadata URLs are generated accordingly.


SP metadata for Admin Console is also downloadable from

http://your.host.name:9080/syncope-console/saml2sp/metadata

Once downloaded, import such SP metadata into your SAML IdP.

Then edit one of the users so that the mapping above is verified; I 
did it by:


* setting username to 'myself' for TestShib (the test user available 
there)

* setting email value to the one for the user I created at SSO circle

Finally, log out from Admin Console: a new combo box is shown at the 
bottom of the login screen, from which you can choose one of 
configured IdPs: by selecting one, the SAML SSO process is triggered 
and - if all goes well - you will end up by logging into the Admin 
Console as the user authenticated via SAML.


The same feature is available for Enduser UI, but requires to 
download  / import into IdP some slightly different metadata:


http://your.host.name:9080/syncope-enduser/saml2sp/metadata


b) Does the code support both the "RP" and "IdP" initiated flows? Both
would be useful, although we could always add the other at a later stage if
not.


At the moment only SP-initiated is supported.


c) I see CXF's SAMLProtocolResponseValidator in the code but not the
SAMLSSOResponseValidator. The SAMLSSOResponseValidator takes care of
validating the SAML Response against the web SSO profile, or are you doing
this manually somewhere?


Exactly: most of the checks performed by SAMLSSOResponseValidator are done
through SAML2SPLogic methods.


d) There are some TransformerFactory instances that need to have the secure
processing feature enabled.


"some"? There should be only one, actually: please suggest the 
modifications and I'll push a commit for that.

Thanks for reporting!

Regards.

On Tue, Mar 28, 2017 at 3:41 PM, Francesco Chicchiriccò wrote:

Hi all,
I have just submitted the PR #45 containing my work for SYNCOPE-1041: it
basically introduces a new extension which allows to:

1. import IdP metadata and configure mapping to match internal users (also
via admin console)
2. export SP metadata
3. enable Admin Console and Enduser to perform SAML-based SSO

I have tested the feature with both

  https://www.testshib.org/

and

http://www.ssocircle.com/en/

Please note that, as kindly suggested by Colm and Sergey, I did not
re-implement the SAML assertion validation, but I did re-use
cxf-rt-rs-security-sso-saml.
At the moment, the code depends on WSS4J 2.1.9-SNAPSHOT, but 2.1.9 should
be close enough.

Please let me have your feedback.
Regards.

On 07/03/2017 17:25, Francesco Chicchiriccò wrote:


On 07/03/2017 17:19, Colm O hEigeartaigh wrote:


Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)


That's very nice, thanks for the pointers!
Regards.

On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

On 07/03/2017 11:56, Sergey Beryozkin wrote:

Hi Francesco
Not sure if it can be relevant for this work but at the CXF level we have
this SAML SP support:

http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.

Thanks for the pointer, Sergey: I did already find it, though.
This does not completely fit in our scenario since here the idea is to
split the responsibilities in two: from one side the front-end web-fragment
takes care of the SAML exchange, from the other side the Syncope core (e.g.
the CXF application) works as

Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-30 Thread Francesco Chicchiriccò

On 30/03/2017 11:42, Colm O hEigeartaigh wrote:

Hi Francesco,

Good work!


Thanks sir :-)


A few questions for you:

a) Is there any documentation available on how to set this up for a Syncope
deployment? I'll give it a try once there is.


There is something in the (updated) reference guide:

https://github.com/Tirasa/syncopeSAML2SP/blob/SYNCOPE-1041/src/main/asciidoc/reference-guide/concepts/extensions.adoc#saml-20-service-provider

Essentially, you need to download the IdP metadata into one XML file, 
then go into Admin Console > Extensions > SAML 2.0 and import.


Then, edit the created IdP entry to set the appropriate mapping; I have 
been using:


* username -> uid for TestShib
* email -> EmailAddress for SSO Circle

Now download SP metadata from the second tab from the same page: please 
be aware to access the Syncope deployment with some FQDN and localhost, 
so that metadata URLs are generated accordingly.


SP metadata for Admin Console is also downloadable from

http://your.host.name:9080/syncope-console/saml2sp/metadata

Once downloaded, import such SP metadata into your SAML IdP.

Then edit one of the users so that the mapping above is verified; I did 
it by:


* setting username to 'myself' for TestShib (the test user available there)
* setting email value to the one for the user I created at SSO circle

Finally, log out from Admin Console: a new combo box is shown at the 
bottom of the login screen, from which you can choose one of configured 
IdPs: by selecting one, the SAML SSO process is triggered and - if all 
goes well - you will end up by logging into the Admin Console as the 
user authenticated via SAML.


The same feature is available for Enduser UI, but requires to download  
/ import into IdP some slightly different metadata:


http://your.host.name:9080/syncope-enduser/saml2sp/metadata


b) Does the code support both the "RP" and "IdP" initiated flows? Both
would be useful, although we could always add the other at a later stage if
not.


At the moment only SP-initiated is supported.


c) I see CXF's SAMLProtocolResponseValidator in the code but not the
SAMLSSOResponseValidator. The SAMLSSOResponseValidator takes care of
validating the SAML Response against the web SSO profile, or are you doing
this manually somewhere?


Exactly: most of the checks performed by SAMLSSOResponseValidator are done
through SAML2SPLogic methods.



d) There are some TransformerFactory instances that need to have the secure
processing feature enabled.


"some"? There should be only one, actually: please suggest the 
modifications and I'll push a commit for that.

Thanks for reporting!

Regards.


On Tue, Mar 28, 2017 at 3:41 PM, Francesco Chicchiriccò wrote:

Hi all,
I have just submitted the PR #45 containing my work for SYNCOPE-1041: it
basically introduces a new extension which allows to:

1. import IdP metadata and configure mapping to match internal users (also
via admin console)
2. export SP metadata
3. enable Admin Console and Enduser to perform SAML-based SSO

I have tested the feature with both

  https://www.testshib.org/

and

http://www.ssocircle.com/en/

Please note that, as kindly suggested by Colm and Sergey, I did not
re-implement the SAML assertion validation, but I did re-use
cxf-rt-rs-security-sso-saml.
At the moment, the code depends on WSS4J 2.1.9-SNAPSHOT, but 2.1.9 should
be close enough.

Please let me have your feedback.
Regards.

On 07/03/2017 17:25, Francesco Chicchiriccò wrote:


On 07/03/2017 17:19, Colm O hEigeartaigh wrote:


Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)


That's very nice, thanks for the pointers!
Regards.

On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

On 07/03/2017 11:56, Sergey Beryozkin wrote:

Hi Francesco

Not sure if it can be relevant for this work but at the CXF level we have
this SAML SP support:

http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.

Thanks for the pointer, Sergey: I did already find it, though.

This does not completely fit in our scenario since here the idea is to
split the responsibilities in two: from one side the front-end web-fragment
takes care of the SAML exchange, from the other side the Syncope core (e.g.
the CXF application) works as back-end for the effective SAML assertion
validation and generation.

I'll look at the provided page and related implementation, anyway, thank
you very much 

Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-30 Thread Colm O hEigeartaigh
Hi Francesco,

Good work! A few questions for you:

a) Is there any documentation available on how to set this up for a Syncope
deployment? I'll give it a try once there is.
b) Does the code support both the "RP" and "IdP" initiated flows? Both
would be useful, although we could always add the other at a later stage if
not.
c) I see CXF's SAMLProtocolResponseValidator in the code but not the
SAMLSSOResponseValidator. The SAMLSSOResponseValidator takes care of
validating the SAML Response against the web SSO profile, or are you doing
this manually somewhere?
d) There are some TransformerFactory instances that need to have the secure
processing feature enabled.

Thanks,

Colm.

On Tue, Mar 28, 2017 at 3:41 PM, Francesco Chicchiriccò  wrote:

> Hi all,
> I have just submitted the PR #45 containing my work for SYNCOPE-1041: it
> basically introduces a new extension which allows to:
>
> 1. import IdP metadata and configure mapping to match internal users (also
> via admin console)
> 2. export SP metadata
> 3. enable Admin Console and Enduser to perform SAML-based SSO
>
> I have tested the feature with both
>
>  https://www.testshib.org/
>
> and
>
> http://www.ssocircle.com/en/
>
> Please note that, as kindly suggested by Colm and Sergey, I did not
> re-implement the SAML assertion validation, but I did re-use
> cxf-rt-rs-security-sso-saml.
> At the moment, the code depends on WSS4J 2.1.9-SNAPSHOT, but 2.1.9 should
> be close enough.
>
> Please let me have your feedback.
> Regards.
>
> On 07/03/2017 17:25, Francesco Chicchiriccò wrote:
>
>> On 07/03/2017 17:19, Colm O hEigeartaigh wrote:
>>
>>> Hi Francesco,
>>>
>>> It's good to see support for SAML coming to Syncope. I'd encourage you to
>>> re-use the functionality developed in CXF to validate the SAML Response
>>> from the IdP:
>>>
>>> https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
>>> https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
>>>
>>> I spent a lot of time reading the specs and making sure the validation
>>> rules were all followed :-)
>>>
>>
>> That's very nice, thanks for the pointers!
>> Regards.
>>
>>> On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:
 On 07/03/2017 11:56, Sergey Beryozkin wrote:

 Hi Francesco
>
> Not sure if it can be relevant for this work but at the CXF level we have
> this SAML SP support:
>
> http://cxf.apache.org/docs/saml-web-sso.html,
>
> something Colm and myself worked upon earlier on.
>
> Thanks for the pointer, Sergey: I did already find it, though.

 This does not completely fit in our scenario since here the idea is to
 split the responsibilities in two: from one side the front-end web-fragment
 takes care of the SAML exchange, from the other side the Syncope core (e.g.
 the CXF application) works as back-end for the effective SAML assertion
 validation and generation.

 I'll look at the provided page and related implementation, anyway, thank
 you very much indeed.

 FYI, this class

 https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java

 has been already extremely useful to me, since OpenSAML 3 documentation is
 practically absent.

 Regards.

 On 07/03/17 10:49, Francesco Chicchiriccò wrote:

> Hi all,
>> I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.
>>
>> I am already working on it, and it should be ready on time for Syncope
>> 2.0.3.
>>
>> The idea is to embed the whole implementation in a PR, with option of
>> further discussing before merge.
>>
>> Also, I would like to include, in the 2.0.3 release notes, a public
>> "thank you" statement to the University of Helsinki similar to the one
>> we made for 1.1.0 [2].
>>
>> WDYT?
>> Regards.
>>
>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
>> [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)
>>
>
>> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
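
Point (d) in the message above refers to the JAXP secure processing feature. The following is an added example, not code from the Syncope PR, CXF or WSS4J: one way to create a `TransformerFactory` with that feature enabled, extended to the XML parser that would read imported IdP metadata. The class name `HardenedXml`, its methods and the sample metadata are hypothetical and constructed for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Hypothetical helper class, not part of Syncope, CXF or WSS4J.
public final class HardenedXml {

    private HardenedXml() {
    }

    /** TransformerFactory with the JAXP secure processing feature enabled. */
    public static TransformerFactory newTransformerFactory()
            throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            // JAXP 1.5 properties: permit no protocol for external DTDs or stylesheets.
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Implementations predating JAXP 1.5 reject these attributes;
            // the secure processing feature set above stays in effect.
        }
        return tf;
    }

    /** Parser factory for SAML metadata, which has no legitimate use for a DOCTYPE. */
    public static DocumentBuilderFactory newDocumentBuilderFactory()
            throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    public static Document parse(String xml) throws Exception {
        return newDocumentBuilderFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
    }

    public static String serialize(Document doc) throws Exception {
        Transformer t = newTransformerFactory().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal metadata document.
        String metadata = "<md:EntityDescriptor "
                + "xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" "
                + "entityID=\"https://idp.example.org/idp\"/>";
        System.out.println(serialize(parse(metadata)));

        // Constructed sample: the same document preceded by a DOCTYPE.
        String withDoctype = "<!DOCTYPE d [<!ENTITY e \"x\">]>" + metadata;
        try {
            parse(withDoctype);
            System.out.println("DOCTYPE accepted: parser is not hardened");
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```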


Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-28 Thread Francesco Chicchiriccò

Hi all,
I have just submitted the PR #45 containing my work for SYNCOPE-1041: it 
basically introduces a new extension which allows to:


1. import IdP metadata and configure mapping to match internal users 
(also via admin console)
2. export SP metadata
3. enable Admin Console and Enduser to perform SAML-based SSO

I have tested the feature with both

 https://www.testshib.org/

and

http://www.ssocircle.com/en/

Please note that, as kindly suggested by Colm and Sergey, I did not 
re-implement the SAML assertion validation, but I did re-use 
cxf-rt-rs-security-sso-saml.
At the moment, the code depends on WSS4J 2.1.9-SNAPSHOT, but 2.1.9 
should be close enough.


Please let me have your feedback.
Regards.

On 07/03/2017 17:25, Francesco Chicchiriccò wrote:

On 07/03/2017 17:19, Colm O hEigeartaigh wrote:

Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java 

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java 



I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)


That's very nice, thanks for the pointers!
Regards.

On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò 


Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiriccò

On 07/03/2017 17:19, Colm O hEigeartaigh wrote:

Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)


That's very nice, thanks for the pointers!
Regards.


On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò 

Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Colm O hEigeartaigh
Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)

Colm.

On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò  wrote:

> On 07/03/2017 11:56, Sergey Beryozkin wrote:
>
>> Hi Francesco
>>
>> Not sure if it can be relevant for this work but at the CXF level we have
>> this SAML SP support:
>>
>> http://cxf.apache.org/docs/saml-web-sso.html,
>>
>> something Colm and myself worked upon earlier on.
>>
>
> Thanks for the pointer, Sergey: I did already find it, though.
>
> This does not completely fit in our scenario since here the idea is to
> split the responsibilities in two: from one side the front-end web-fragment
> takes care of the SAML exchange, from the other side the Syncope core (e.g.
> the CXF application) works as back-end for the effective SAML assertion
> validation and generation.
>
> I'll look at the provided page and related implementation, anyway, thank
> you very much indeed.
>
> FYI, this class
>
> https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
>
> has been already extremely useful to me, since OpenSAML 3 documentation is
> practically absent.
>
> Regards.
>
> On 07/03/17 10:49, Francesco Chicchiriccò wrote:
>>
>>> Hi all,
>>> I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.
>>>
>>> I am already working on it, and it should be ready on time for Syncope
>>> 2.0.3.
>>>
>>> The idea is to embed the whole implementation in a PR, with option of
>>> further discussing before merge.
>>>
>>> Also, I would like to include, in the 2.0.3 release notes, a public
>>> "thank you" statement to the University of Helsinki similar to the one
>>> we made for 1.1.0 [2].
>>>
>>> WDYT?
>>> Regards.
>>>
>>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
>>> [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)
>>>
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com


Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Sergey Beryozkin

Hi Francesco
On 07/03/17 11:00, Francesco Chicchiriccò wrote:

On 07/03/2017 11:56, Sergey Beryozkin wrote:

Hi Francesco

Not sure if it can be relevant for this work but at the CXF level we
have this SAML SP support:

http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.


Thanks for the pointer, Sergey: I did already find it, though.

This does not completely fit in our scenario since here the idea is to
split the responsibilities in two: from one side the front-end
web-fragment takes care of the SAML exchange, from the other side the
Syncope core (e.g. the CXF application) works as back-end for the
effective SAML assertion validation and generation.

I'll look at the provided page and related implementation, anyway, thank
you very much indeed.

Thanks, right, what that CXF module offers is an ability to redirect the 
users to the SAML2 IDP and validate the saml assertions when the user is 
returned from there and make sure the security session is set.



FYI, this class

https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java


has been already extremely useful to me, since OpenSAML 3 documentation
is practically absent.

I believe we also use those utils or maybe other OpenSAML related code,
Colm would know more about it


If that module does not quite work for Syncope then it is fine :-), just 
wanted to make sure you are aware of it


Cheers, Sergey


Regards.


On 07/03/17 10:49, Francesco Chicchiriccò wrote:

Hi all,
I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.

I am already working on it, and it should be ready on time for Syncope
2.0.3.

The idea is to embed the whole implementation in a PR, with option of
further discussing before merge.

Also, I would like to include, in the 2.0.3 release notes, a public
"thank you" statement to the University of Helsinki similar to the one
we made for 1.1.0 [2].

WDYT?
Regards.

[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature

[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)






--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/


Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiriccò

On 07/03/2017 11:56, Sergey Beryozkin wrote:

Hi Francesco

Not sure if it can be relevant for this work but at the CXF level we 
have this SAML SP support:


http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.


Thanks for the pointer, Sergey: I did already find it, though.

This does not completely fit in our scenario since here the idea is to 
split the responsibilities in two: from one side the front-end 
web-fragment takes care of the SAML exchange, from the other side the 
Syncope core (e.g. the CXF application) works as back-end for the 
effective SAML assertion validation and generation.


I'll look at the provided page and related implementation, anyway, thank 
you very much indeed.


FYI, this class

https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java

has been already extremely useful to me, since OpenSAML 3 documentation 
is practically absent.


Regards.


On 07/03/17 10:49, Francesco Chicchiriccò wrote:

Hi all,
I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.

I am already working on it, and it should be ready on time for Syncope
2.0.3.

The idea is to embed the whole implementation in a PR, with option of
further discussing before merge.

Also, I would like to include, in the 2.0.3 release notes, a public
"thank you" statement to the University of Helsinki similar to the one
we made for 1.1.0 [2].

WDYT?
Regards.

[1] 
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature 

[2] 
https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013) 



--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/



Re: [DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Sergey Beryozkin

Hi Francesco

Not sure if it can be relevant for this work but at the CXF level we 
have this SAML SP support:


http://cxf.apache.org/docs/saml-web-sso.html,

something Colm and myself worked upon earlier on.

Sergey
On 07/03/17 10:49, Francesco Chicchiriccò wrote:

Hi all,
I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.

I am already working on it, and it should be ready on time for Syncope
2.0.3.

The idea is to embed the whole implementation in a PR, with option of
further discussing before merge.

Also, I would like to include, in the 2.0.3 release notes, a public
"thank you" statement to the University of Helsinki similar to the one
we made for 1.1.0 [2].

WDYT?
Regards.

[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature

[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)






[DISCUSS] SAML 2.0 Service Provider feature

2017-03-07 Thread Francesco Chicchiriccò

Hi all,
I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.

I am already working on it, and it should be ready on time for Syncope 
2.0.3.


The idea is to embed the whole implementation in a PR, with option of 
further discussing before merge.


Also, I would like to include, in the 2.0.3 release notes, a public 
"thank you" statement to the University of Helsinki similar to the one 
we made for 1.1.0 [2].


WDYT?
Regards.

[1] 
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
[2] 
https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/