Hi Pulasthi, The validation happens in the sso agent jar which is used by the webapp as a library. Please find the code at [1].
[1] - https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.sso.agent/ [2] - https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.sso.agent/1.4.0/src/main/java/org/wso2/carbon/identity/sso/agent/saml/SAML2SSOManager.java Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka On Wed, Dec 9, 2015 at 12:01 PM, Pulasthi Harasgama <[email protected]> wrote: > Hi, > > I was following the Single Sign On with SAML 2.0 sample [1] to configure > SSO for my web application, and I am having difficulty finding out where > the signature in the SAML Token received by travelocity.com is validated. > Once the user is authenticated at the identity Server, I think the SAML > token issued to the user should be validated by travelocity but I can't > seem to locate where this is done in the webapp. > > If possible, please do let me know if I am missing something here or how > this is done by travelocity. > > [1] > https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0 > > Thanks, > -- > *Pulasthi Harasgama* > Software Engineering Intern > Mobile: +94774978735 > WSO2 Inc.: http://wso2.com > Blog: https://pulasthiharasgama.wordpress.com/ > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
