A couple of comments. Firstly, perhaps we could create a fictional website
for our examples?

Secondly, I don't think that the docs explain clearly enough exactly what
IdP initiated login is and why it is important. Also, it's not clear what
happens if someone uses this with a relayURL that is nothing to do with the
existing callback URL. Does the relayURL mean that I no longer need to
specify a callback URL? Is this a potential security issue (someone
spoofing a website but still using WSO2 IdP?)

Finally, it isn't clear in this documentation what the requirements on the
Relying Party are when you use IdP initiated login.

Paul


On 16 January 2014 12:52, Samuel Gnaniah <[email protected]> wrote:

> Added a description into [3]. Let me know if it's sufficient or if it
> needs any further changes. Removed mention of that check box when using SSO
> between Carbon servers.
>
> [3] - http://docs.wso2.org/display/IS460/Working+With+SAML2+Based+SSO
>
> Thanks,
> Sam
>
> *Samuel Gnaniah*
> Senior Technical Writer
>
> WSO2 (pvt.) Ltd.
> Colombo, Sri Lanka
> (+94) 773131798
>
>
> On Thu, Jan 16, 2014 at 9:16 AM, Johann Nallathamby <[email protected]> wrote:
>
>> Hi Samuel,
>>
>> I think you have only added the description of the check box. Would be
>> great if you could also add the rest of the description on how to use this
>> feature. This could actually go to [1] as a separate topic at the very end.
>>
>> Also I see you have added this description to [2]. This is actually not
>> needed. You don't have to enable this when doing SSO between Carbon servers.
>>
>> [1] http://docs.wso2.org/display/IS460/Working+With+SAML2+Based+SSO
>> [2]
>> http://docs.wso2.org/display/IS460/Configuring+Single+Sign-On+Across+Different+Carbon+Servers
>>
>>
>> On Thu, Dec 12, 2013 at 11:33 AM, Johann Nallathamby <[email protected]> wrote:
>>
>>> Hi Samuel,
>>>
>>> You don't need a separate topic for this. Add it to the existing SSO
>>> stuff like any other explanation given for a check box.
>>>
>>>
>>> On Thu, Dec 12, 2013 at 1:40 AM, Samuel Gnaniah <[email protected]> wrote:
>>>
>>>> Hi Johann,
>>>>
>>>> Will create a topic for this.
>>>>
>>>> Thanks,
>>>> Sam
>>>>
>>>>
>>>> On Thu, Dec 12, 2013 at 12:54 AM, Johann Nallathamby <[email protected]> wrote:
>>>>
>>>>> Hi Samuel,
>>>>>
>>>>> Just a reminder to add this content under IS-4.6.0 SSO.
>>>>>
>>>>>
>>>>> On Mon, Dec 9, 2013 at 12:26 PM, Johann Nallathamby <[email protected]> wrote:
>>>>>
>>>>>> Hi Samuel,
>>>>>>
>>>>>> Please add this to the IS-4.6.0 docs under SAML SSO. The above
>>>>>> descriptions should be enough for starters.
>>>>>>
>>>>>>
>>>>>> On Sun, Nov 10, 2013 at 12:12 AM, Johann Nallathamby <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> IdP Initiated SSO support has been added with r190585.
>>>>>>>
>>>>>>> To enable IdP Initiated SSO for a service provider click on "Enable
>>>>>>> IdP Initiated SSO" as shown in the attached screen shot.
>>>>>>>
>>>>>>> To initiate IdP Initiated SSO you need to perform an HTTP GET/POST to
>>>>>>> the following URL (assume the registered service provider Issuer ID is
>>>>>>> travelocity.com):
>>>>>>>
>>>>>>> https://localhost:9443/samlsso?spEntityID=travelocity.com
>>>>>>>
>>>>>>> This request will authenticate the user and redirect him to the
>>>>>>> registered Assertion Consumer URL. Optionally you can send in a RelayState
>>>>>>> parameter as follows:
>>>>>>>
>>>>>>>
>>>>>>> https://localhost:9443/samlsso?spEntityID=travelocity.com&RelayState=http://localhost:8080/travelocity.com/my-home.jsp
>>>>>>>
>>>>>>> This request will authenticate the user and redirect him to the URL
>>>>>>> in the RelayState parameter.
>>>>>>>
>>>>>>> To Note:
>>>>>>> Either you could have SP Initiated SSO only, or SP Initiated SSO and
>>>>>>> IdP Initiated SSO. You can't have IdP Initiated SSO only. By design SP
>>>>>>> Initiated SSO is more restrictive and secure. A service provider being
>>>>>>> allowed to do IdP Initiated SSO would automatically imply he is allowed
>>>>>>> to do SP Initiated SSO as well.
>>>>>>>
>>>>>>> --
>>>>>>> Thanks & Regards,
>>>>>>>
>>>>>>> *Johann Dilantha Nallathamby*
>>>>>>> Senior Software Engineer
>>>>>>> Integration Technologies Team
>>>>>>> WSO2, Inc.
>>>>>>> lean.enterprise.middleware
>>>>>>>
>>>>>>> Mobile - *+94777776950*
>>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>>>>
>



-- 
Paul Fremantle
CTO and Co-Founder, WSO2
OASIS WS-RX TC Co-chair, Apache Member

UK: +44 207 096 0336
US: +1 646 595 7614

blog: http://pzf.fremantle.org
twitter.com/pzfreo
[email protected]

wso2.com Lean Enterprise Middleware
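
The question raised above, about a RelayState that has nothing to do with the registered callback URL, can be made concrete with a same-origin check. This is an added example, not WSO2 Identity Server code and not from any poster in the thread; the registry, the registered Assertion Consumer URL value and the function names are assumptions, and the thread does not say how the product itself treats such a RelayState.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry: issuer ID -> registered Assertion Consumer URL.
# The ACS URL is an assumed value; the thread does not state it.
REGISTERED_SPS = {
    "travelocity.com": "http://localhost:8080/travelocity.com/home.jsp",
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # malformed or out-of-range port
        return None
    return scheme, parts.hostname.lower(), port


def resolve_redirect(request_url):
    """Pick the post-login redirect target for an IdP-initiated request.

    Returns RelayState only if it shares an origin with the SP's registered
    ACS URL; falls back to the ACS URL when RelayState is absent; returns
    None when the SP is unknown or RelayState points somewhere else.
    """
    query = parse_qs(urlsplit(request_url).query)
    issuer = query.get("spEntityID", [None])[0]
    acs_url = REGISTERED_SPS.get(issuer)
    if acs_url is None:
        return None
    relay = query.get("RelayState", [None])[0]
    if relay is None:
        return acs_url
    if "\\" in relay or any(ord(c) < 0x20 for c in relay):
        return None  # backslashes and control characters confuse URL parsers
    if _origin(relay) is None or _origin(relay) != _origin(acs_url):
        return None
    return relay
```

A relying party can apply the same check on its side before following a RelayState it receives alongside an unsolicited response.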
