Hi,

Tyrell, Prabath, Thilina and I are currently working on implementing SSO for
gadgets.  We have come up against some difficulties and are looking for any
assistance we can get.
Here is what we are doing:

   - Every WSO2 product supports SAML2-based SSO. (This is already done.)
   - Our services can be SAML2-protected, so that any client trying to
   access these services has to provide a valid SAML2 token. (Thilina is
   working on this module for services.)
   - So when a gadget tries to access a service, it has to provide a valid
   SAML2 token to the service.
   - A gadget can get a valid SAML2 token in the following ways, as we discussed.


   1. *Pass the same token given to the Gadget Server to gadgets.*
   In this case each and every gadget in the portal and the gadget server
   will use the same SAML2 token which is given to the Gadget Server.
   But, still we couldn't find how to pass the gadget server's token to
   gadgets.
   2. *Each and every gadget will act as a SAML2 consumer.*
   In this case each and every gadget will act as a SAML2 consumer and has
   to be authenticated by the *IS* individually.
   In this case,


   - Gadgets have to generate a message called *<AuthnRequest>* and send it
   to the Identity Server for authentication.
   - This <AuthnRequest> message must contain 3 URLs, as follows:

      - Redirection URL : The URL of the Identity Server.
      - Issuer URL : The URL of the sender who generates and sends the
      <AuthnRequest> message.
      - Consumer URL : The Identity Server sends the *<Response>* message to
      this URL. The Identity Server sends this <Response> message after processing
      the <AuthnRequest> message, indicating the success/failure etc. of the
      authentication.

We are confused about the *Issuer URL* and the *Consumer URL*, because
anything acting as a SAML2 consumer should have these URLs, but gadgets do
not have any URLs.

Currently we are trying to figure out how OAuth has achieved this. We will
be grateful if we could get any assistance with this.

Thanks,,,
Suresh.../
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
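
The <AuthnRequest> described in the message above, as an added example that is not part of the original post or of WSO2's code: it shows where the three URLs sit in a SAML 2.0 request sent over the HTTP-Redirect binding, and the check an identity provider makes on the Consumer URL. The host names, the issuer value and the helper names are hypothetical.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_authn_request(idp_sso_url, issuer, acs_url):
    """Return AuthnRequest XML carrying the three URLs from the message."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,               # "Redirection URL"
        "AssertionConsumerServiceURL": acs_url,   # "Consumer URL"
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer  # "Issuer URL"
    return ET.tostring(req, encoding="unicode")

def redirect_url(idp_sso_url, xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflated = zlib.compress(xml.encode("utf-8"))[2:-4]  # drop zlib header and checksum
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urlencode(params)

def decode_redirect(url):
    """Receiving side: recover the three values from the query string."""
    b64 = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    root = ET.fromstring(zlib.decompress(base64.b64decode(b64), -15))
    return {"destination": root.get("Destination"),
            "issuer": root.findtext(f"{{{SAML}}}Issuer"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def acs_allowed(decoded, registered):
    """The Response may only go to the ACS URL registered for that issuer."""
    return registered.get(decoded["issuer"]) == decoded["acs_url"]

if __name__ == "__main__":
    idp = "https://idp.example.com/samlsso"       # constructed sample values
    acs = "https://portal.example.com/acs"
    url = redirect_url(idp, build_authn_request(idp, "gadget-portal", acs))
    print(decode_redirect(url), acs_allowed(decode_redirect(url), {"gadget-portal": acs}))
```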
