Hi Francesco,

It's good to see support for SAML coming to Syncope. I'd encourage you to
re-use the functionality developed in CXF to validate the SAML Response
from the IdP:

https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java

I spent a lot of time reading the specs and making sure the validation
rules were all followed :-)

Colm.

On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

> On 07/03/2017 11:56, Sergey Beryozkin wrote:
>
>> Hi Francesco
>>
>> Not sure if it can be relevant for this work but at the CXF level we have
>> this SAML SP support:
>>
>> http://cxf.apache.org/docs/saml-web-sso.html,
>>
>> something Colm and myself worked upon earlier on.
>>
>
> Thanks for the pointer, Sergey: I did already find it, though.
>
> This does not completely fit in our scenario since here the idea is to
> split the responsibilities in two: from one side the front-end web-fragment
> takes care of the SAML exchange, from the other side the Syncope core (e.g.
> the CXF application) works as back-end for the effective SAML assertion
> validation and generation.
>
> I'll look at the provided page and related implementation, anyway, thank
> you very much indeed.
>
> FYI, this class
>
> https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
>
> has been already extremely useful to me, since OpenSAML 3 documentation is
> practically absent.
>
> Regards.
>
> On 07/03/17 10:49, Francesco Chicchiriccò wrote:
>>
>>> Hi all,
>>> I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.
>>>
>>> I am already working on it, and it should be ready on time for Syncope
>>> 2.0.3.
>>>
>>> The idea is to embed the whole implementation in a PR, with option of
>>> further discussing before merge.
>>>
>>> Also, I would like to include, in the 2.0.3 release notes, a public
>>> "thank you" statement to the University of Helsinki similar to the one
>>> we made for 1.1.0 [2].
>>>
>>> WDYT?
>>> Regards.
>>>
>>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
>>> [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)
>>>
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
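An added example, not code from the thread, from CXF or from Syncope, of how the two CXF classes Colm points to fit together on the SP side for a SAML 2.0 Response received over the HTTP-POST binding. SAMLProtocolResponseValidator performs the protocol-level checks (Status, Response and Assertion signatures chained against a truststore), and SAMLSSOResponseValidator performs the Web SSO profile checks (Issuer, Destination, InResponseTo, Recipient, Audience, validity window, bearer SubjectConfirmation); skipping the second one is the classic mistake, because a validly signed assertion issued for another SP or another request still passes the first. The class name, method names, entity IDs, ACS URL and truststore properties are assumptions made for the example; the WSS4J Merlin property names and the CXF/WSS4J/OpenSAML calls are the real ones. The DOM parser is configured to reject DTDs and external entities, since the SAMLResponse parameter is attacker-controlled XML.

```java
import java.io.ByteArrayInputStream;
import java.util.Base64;
import java.util.Properties;

import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.saml2.core.Response;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/**
 * Added example (not CXF's or Syncope's own code): validate a SAML 2.0
 * Web SSO Response on the SP side with the two CXF validators.
 */
public final class SamlResponseValidationExample {

    // Assumed deployment values; replace with the real SP/IdP configuration.
    private static final String IDP_ENTITY_ID = "https://idp.example.org/idp";
    private static final String SP_ENTITY_ID = "https://sp.example.org/sp";
    private static final String ACS_URL = "https://sp.example.org/saml2/acs";

    private SamlResponseValidationExample() {
    }

    /** Truststore holding the IdP signing certificate (WSS4J Merlin properties). */
    static Crypto loadTrustStore(String path, String password) throws WSSecurityException {
        Properties props = new Properties();
        props.put("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
        props.put("org.apache.wss4j.crypto.merlin.truststore.type", "jks");
        props.put("org.apache.wss4j.crypto.merlin.truststore.file", path);
        props.put("org.apache.wss4j.crypto.merlin.truststore.password", password);
        return CryptoFactory.getInstance(props);
    }

    /** Decode the SAMLResponse form parameter and parse it with an XXE-hardened DOM parser. */
    static Element parseSamlResponseParam(String base64Response) throws Exception {
        byte[] xml = Base64.getDecoder().decode(base64Response);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for XML Signature and OpenSAML unmarshalling
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        return doc.getDocumentElement();
    }

    /**
     * @param base64Response      the SAMLResponse POST parameter
     * @param trustStore          Crypto with the IdP signing certificate
     * @param outstandingRequestId ID of the AuthnRequest this Response must answer
     * @param clientAddress       remote address of the browser posting the Response
     * @return the validated assertion and session data on success; throws otherwise
     */
    public static SSOValidatorResponse validate(String base64Response, Crypto trustStore,
            String outstandingRequestId, String clientAddress) throws Exception {
        Element root = parseSamlResponseParam(base64Response);

        // DOM -> OpenSAML 3 object model, via the WSS4J helper mentioned in the thread.
        OpenSAMLUtil.initSamlEngine();
        XMLObject obj = OpenSAMLUtil.fromDom(root);
        if (!(obj instanceof Response)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        Response samlResponse = (Response) obj;

        // 1. Protocol checks: Status is Success, Response/Assertion signatures verify
        //    and chain to the truststore. No CallbackHandler: this example assumes
        //    no EncryptedAssertion, so no decryption key password is needed.
        SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
        protocolValidator.validateSamlResponse(samlResponse, trustStore, null);

        // 2. Web SSO profile checks: known Issuer, Destination == ACS URL,
        //    InResponseTo == our request, Recipient, Audience == SP entity ID,
        //    NotBefore/NotOnOrAfter and bearer SubjectConfirmation for this client.
        SAMLSSOResponseValidator ssoValidator = new SAMLSSOResponseValidator();
        ssoValidator.setIssuerIDP(IDP_ENTITY_ID);
        ssoValidator.setSpIdentifier(SP_ENTITY_ID);
        ssoValidator.setAssertionConsumerURL(ACS_URL);
        ssoValidator.setRequestId(outstandingRequestId);
        ssoValidator.setClientAddress(clientAddress);
        ssoValidator.setEnforceAssertionsSigned(true);
        ssoValidator.setEnforceKnownIssuer(true);
        // In production also call setReplayCache(...) with a TokenReplayCache so a
        // captured Response cannot be presented twice inside its validity window.
        return ssoValidator.validateSamlResponse(samlResponse, true); // true = POST binding
    }
}
```

In the split design Francesco describes, this is the code that would sit in the Syncope core behind the REST endpoint the web-fragment calls, with the front-end only shuttling the SAMLResponse parameter and the pending request ID across.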
