Thank you!

On Fri, Sep 28, 2018 at 2:42 PM Isura Karunaratne <[email protected]> wrote:

> On Fri, Sep 28, 2018 at 11:32 AM Winma Heenatigala <[email protected]> wrote:
>
>> Hi all,
>>
>> As I mentioned in my previous email, I completed my research on the ECP
>> profile and started to implement it for WSO2 Identity Server.
>> For testing purposes I needed an ECP-enabled Service Provider and a
>> client. For that I used Shibboleth SP and a simple Bash client [1] provided
>> by Shibboleth.
>>
>> I created a new servlet called SAMLECPProviderServlet to capture the
>> SOAP-bound SAML authentication request sent by the Enhanced Client. The
>> basic auth credentials (username and password) were sent by the client to
>> the IDP in the HTTP request Authorization header. Using a request wrapper,
>> the basic auth credentials were set to the sectoken parameter, the SAML
>> request was extracted from the SOAP envelope, and the new request was
>> forwarded to the SAMLSSOProviderServlet. Then the request could be
>> processed in the way that the Request Path Authenticator works. Inside the
>> SAMLSSOServlet, for the requests from the ECP clients a separate response
>> was created where the SAML response was enclosed in a SOAP envelope.
>>
>> However, since the client is browserless there is an issue in providing
>> user consents. When I disabled SSO Consent Management from the server and
>> tested the client, the client worked fine.
>> Now I am working on finding a way to give the user consents without the
>> browser.
>>
> Currently, Identity Server does not support managing consents for
> non-browser-based authentications.
>
> Thanks
> Isura.
>
>>
>> [1] https://wiki.shibboleth.net/confluence/display/SHIB2/Contributions#Contributions-simplebash
>>
>> Thank you!
>> Winma
>>
>>
>> On Mon, Sep 3, 2018 at 10:57 PM Winma Heenatigala <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> I am working on a project to implement the SAML ECP profile for WSO2 IS.
>>> Here is a brief summary of my project progress.
>>>
>>> *Introduction*
>>> The Web Based SSO profile supports SSO for browser-based clients. In
>>> contrast, the SAML ECP (Enhanced Clients or Proxies) profile supports SSO
>>> for non-browser-based clients such as desktop clients.
>>>
>>> *Progress*
>>> I researched existing IDPs that have the SAML ECP profile implemented. From
>>> my research results I found that Shibboleth is the best among the
>>> ECP-enabled IDPs. As the initial step of the project I downloaded an
>>> existing ECP client and connected it with Shibboleth to examine how the
>>> ECP client works.
>>>
>>> During the discussion held today, we discussed how the message flow
>>> happens in ECP. During the meeting we verified that although the SP
>>> sends a set of IDPs in the Response message, the ECP actually chooses
>>> the IDP on its own and the client itself must validate whether the chosen
>>> IDP is one of the IDPs accepted by the SP. We also discussed the
>>> importance of having RelayState.
>>>
>>> The following documents were written on connecting the ECP client with
>>> Shibboleth.
>>>
>>> https://medium.com/@winma.15/installation-of-shibboleth-idp-in-ubuntu-3acc57075cad
>>>
>>> https://medium.com/@winma.15/shibboleth-sp-installation-in-ubuntu-d284b8d850da
>>>
>>> https://medium.com/@winma.15/connecting-ecp-with-shibboleth-using-wso2-identity-server-user-store-540f616ee968
>>>
>>> Thank you!
>>> Winma
>>>
>>> *Winma Heenatigala*
>>> *Trainee Software Engineer | WSO2*
>>>
>>> *Mobile : +94719132444*
>>>
>>
>> --
>>
>> *Winma Heenatigala*
>> *Trainee Software Engineer | WSO2*
>>
>> *Mobile : +94719132444*
>>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2 <http://wso2.com/>
> *lean.enterprise.middleware*
> Email: [email protected]
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>

--
*Winma Heenatigala*
*Trainee Software Engineer | WSO2*
*Mobile : +94719132444*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
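The check discussed in the thread (the ECP picks the IDP itself and must confirm it is one the SP accepts), as an added example that is not part of the original messages and is not WSO2 or Shibboleth code. The SOAP envelope is a constructed, trimmed sample, the example.org entity IDs and the function names are hypothetical, and treating a missing IDPList as "no restriction" is a policy assumption.

```python
import xml.etree.ElementTree as ET

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample of the SP's SOAP message to the ECP (attributes trimmed).
SAMPLE_PAOS = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <S:Header>
    <ecp:Request>
      <samlp:IDPList>
        <samlp:IDPEntry ProviderID="https://idp1.example.org/idp"/>
        <samlp:IDPEntry ProviderID="https://idp2.example.org/idp"/>
      </samlp:IDPList>
    </ecp:Request>
    <ecp:RelayState>constructed-relay-state</ecp:RelayState>
  </S:Header>
  <S:Body><samlp:AuthnRequest ID="_constructed" Version="2.0"/></S:Body>
</S:Envelope>"""


def parse_paos_request(data: bytes):
    """Return (accepted_idps, relay_state) from the SP's SOAP envelope."""
    # SAML messages never need a DTD; refusing one blocks entity-expansion
    # tricks against the stdlib parser (defusedxml is the sturdier choice).
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD not allowed in SAML messages")
    header = ET.fromstring(data).find("S:Header", NS)
    if header is None:
        raise ValueError("missing SOAP header")
    entries = header.findall("ecp:Request/samlp:IDPList/samlp:IDPEntry", NS)
    idps = [e.get("ProviderID") for e in entries if e.get("ProviderID")]
    # RelayState is opaque to the client and is carried back to the SP unchanged.
    relay_state = header.findtext("ecp:RelayState", default=None, namespaces=NS)
    return idps, relay_state


def idp_is_accepted(chosen_idp: str, accepted_idps: list) -> bool:
    """Exact entity-ID match only: no prefix, case-folding or host-only match."""
    if not accepted_idps:
        return True  # assumption: SP sent no IDPList, so it imposes no restriction
    return chosen_idp in accepted_idps
```

Run the check before any credentials are sent to the chosen IDP, so that a client configured with an IDP the SP did not list fails closed.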
