Thanks for the feedback, Paul. Johann, let's have a chat on this tomorrow and improve the clarity of this content.
Regards,
Sam

*Samuel Gnaniah*
Senior Technical Writer

WSO2 (pvt.) Ltd.
Colombo, Sri Lanka
(+94) 773131798

On Thu, Jan 16, 2014 at 6:52 PM, Paul Fremantle <[email protected]> wrote:

> A couple of comments. Firstly, perhaps we could create a fictional website
> for our examples?
>
> Secondly, I don't think that the docs explain clearly enough exactly what
> IdP initiated login is and why it is important. Also, it's not clear what
> happens if someone uses this with a relayURL that is nothing to do with the
> existing callback URL. Does the relayURL mean that I no longer need to
> specify a callback URL? Is this a potential security issue (someone
> spoofing a website but still using WSO2 IdP?)
>
> Finally, it isn't clear in this documentation what the requirements on the
> Relying Party are when you use IdP initiated login.
>
> Paul
>
> On 16 January 2014 12:52, Samuel Gnaniah <[email protected]> wrote:
>
>> Added a description into [3]. Let me know if it's sufficient or if it
>> needs any further changes. Removed mention of that check box when using SSO
>> between Carbon servers.
>>
>> [3] - http://docs.wso2.org/display/IS460/Working+With+SAML2+Based+SSO
>>
>> Thanks,
>> Sam
>>
>> On Thu, Jan 16, 2014 at 9:16 AM, Johann Nallathamby <[email protected]> wrote:
>>
>>> Hi Samuel,
>>>
>>> I think you have only added the description of the check box. Would be
>>> great if you could also add the rest of the description on how to use this
>>> feature. This could actually go to [1] as a separate topic at the very end.
>>>
>>> Also I see you have added this description to [2]. This is actually not
>>> needed. You don't have to enable this when doing SSO between Carbon servers.
>>>
>>> [1] http://docs.wso2.org/display/IS460/Working+With+SAML2+Based+SSO
>>> [2] http://docs.wso2.org/display/IS460/Configuring+Single+Sign-On+Across+Different+Carbon+Servers
>>>
>>> On Thu, Dec 12, 2013 at 11:33 AM, Johann Nallathamby <[email protected]> wrote:
>>>
>>>> Hi Samuel,
>>>>
>>>> You don't need a separate topic for this. Add it to the existing SSO
>>>> stuff like any other explanation given for a check box.
>>>>
>>>> On Thu, Dec 12, 2013 at 1:40 AM, Samuel Gnaniah <[email protected]> wrote:
>>>>
>>>>> Hi Johann,
>>>>>
>>>>> Will create a topic for this.
>>>>>
>>>>> Thanks,
>>>>> Sam
>>>>>
>>>>> On Thu, Dec 12, 2013 at 12:54 AM, Johann Nallathamby <[email protected]> wrote:
>>>>>
>>>>>> Hi Samuel,
>>>>>>
>>>>>> Just a reminder to add this content under IS-4.6.0 SSO.
>>>>>>
>>>>>> On Mon, Dec 9, 2013 at 12:26 PM, Johann Nallathamby <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Samuel,
>>>>>>>
>>>>>>> Please add this to the IS-4.6.0 docs under SAML SSO. The above
>>>>>>> descriptions should be enough for starters.
>>>>>>>
>>>>>>> On Sun, Nov 10, 2013 at 12:12 AM, Johann Nallathamby <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> IdP Initiated SSO support has been added with r190585.
>>>>>>>>
>>>>>>>> To enable IdP Initiated SSO for a service provider click on "Enable
>>>>>>>> IdP Initiated SSO" as shown in the attached screen shot.
>>>>>>>>
>>>>>>>> To initiate IdP Initiated SSO you need to perform a HTTP GET/POST
>>>>>>>> to the following URL (assume the registered service provider Issuer ID
>>>>>>>> is travelocity.com)
>>>>>>>>
>>>>>>>> https://localhost:9443/samlsso?spEntityID=travelocity.com
>>>>>>>>
>>>>>>>> This request will authenticate the user and redirect him to the
>>>>>>>> registered Assertion Consumer URL. Optionally you can send in a
>>>>>>>> RelayState parameter as follows:
>>>>>>>>
>>>>>>>> https://localhost:9443/samlsso?spEntityID=travelocity.com&RelayState=http://localhost:8080/travelocity.com/my-home.jsp
>>>>>>>>
>>>>>>>> This request will authenticate the user and redirect him to the URL
>>>>>>>> in the RelayState parameter.
>>>>>>>>
>>>>>>>> To Note:
>>>>>>>> Either you could have SP Initiated SSO only, or SP Initiated SSO
>>>>>>>> and IdP Initiated SSO. You can't have IdP initiated SSO only. By
>>>>>>>> design SP Initiated SSO is more restrictive and secure. A service
>>>>>>>> provider being allowed to do IdP Initiated SSO would automatically
>>>>>>>> imply he is allowed to do SP Initiated SSO as well.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thanks & Regards,
>>>>>>>>
>>>>>>>> *Johann Dilantha Nallathamby*
>>>>>>>> Senior Software Engineer
>>>>>>>> Integration Technologies Team
>>>>>>>> WSO2, Inc.
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>> Mobile - *+94777776950*
>>>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
> --
> Paul Fremantle
> CTO and Co-Founder, WSO2
> OASIS WS-RX TC Co-chair, Apache Member
>
> UK: +44 207 096 0336
> US: +1 646 595 7614
>
> blog: http://pzf.fremantle.org
> twitter.com/pzfreo
> [email protected]
>
> wso2.com Lean Enterprise Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
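
The question raised in the thread about a RelayState that has nothing to do with the registered callback URL is an open-redirect concern. As an added example (not WSO2 Identity Server code and not part of the original thread), here is one policy an IdP could apply to the request URLs quoted above: accept RelayState only when it shares scheme, host and port with the service provider's registered Assertion Consumer URL. The registry, the ACS URL value and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry for illustration; the ACS URL is an assumed value,
# not one given in the thread.
REGISTERED_SPS = {
    "travelocity.com": {
        "acs_url": "http://localhost:8080/travelocity.com/acs",
        "idp_initiated_sso": True,  # the "Enable IdP Initiated SSO" check box
    },
}
DEFAULT_PORTS = {"http": 80, "https": 443}


class SsoRequestRejected(Exception):
    """Raised when an IdP-initiated request must not be honoured."""


def origin(url):
    """Return (scheme, host, port), or None unless url is a clean absolute http(s) URL."""
    if any(c == "\\" or ord(c) < 0x21 for c in url):
        return None  # backslashes, whitespace and control chars parse inconsistently
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme])


def redirect_target(request_url):
    """Decide where the user is sent after authentication for an IdP-initiated request."""
    query = parse_qs(urlsplit(request_url).query)
    issuer = query.get("spEntityID", [""])[0]
    sp = REGISTERED_SPS.get(issuer)
    if sp is None or not sp["idp_initiated_sso"]:
        raise SsoRequestRejected("unknown issuer or IdP-initiated SSO not enabled")
    relay = query.get("RelayState", [None])[0]
    if relay is None:
        return sp["acs_url"]  # no RelayState: use the registered ACS URL
    relay_origin = origin(relay)
    if relay_origin is None or relay_origin != origin(sp["acs_url"]):
        raise SsoRequestRejected("RelayState is outside the registered SP origin")
    return relay
```

Comparing parsed origins rather than string prefixes also rejects values such as `http://localhost:8080@other-site.example/`, where the text before `@` is userinfo and the real host is `other-site.example`.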
