Hi all,

I am working on my project to implement the SAML ECP (Enhanced Client or Proxy) profile for WSO2 Identity Server.

In contrast to SAML web-based SSO, the SAML ECP profile is related to browserless clients. The following diagram shows how the message flow happens.

For testing purposes I needed an ECP-enabled Service Provider and a client. For that, I used Shibboleth SP and a simple Bash client [1] provided by Shibboleth.

I created a new servlet called SAMLECPProviderServlet to capture the SOAP-bound SAML authentication request sent by the Enhanced Client. The basic auth credentials (username and password) were sent by the client to the IDP in the HTTP request Authorization header. Using a request wrapper, the basic auth credentials were set to the sectoken parameter, the SAML request was extracted from the SOAP envelope, and the new request was forwarded to the SAMLSSOProviderServlet. The request could then be processed in the way that the Request Path Authenticator works. Inside the SAMLSSOServlet, for requests from ECP clients, a separate response was created in which the SAML response was enclosed in a SOAP envelope.

Since the client is browserless, there is an issue in providing user consents. I am looking for a way that our Identity Server can use to get consents from the users without using the browser (using the Bash client). Your valued suggestions are highly appreciated.

Thank you!

--
*Winma Heenatigala*
*Trainee Software Engineer | WSO2*
*Mobile : +94719132444*
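The unwrapping step described in the post (Basic credentials from the Authorization header, AuthnRequest out of the SOAP envelope) can be sketched as below. This is an added example, not code from the post or from WSO2 Identity Server; the class and method names are hypothetical, the SOAP 1.1 envelope namespace is an assumption, and forwarding to SAMLSSOProviderServlet is not shown. Because the envelope is parsed before the user is authenticated, the parser refuses DOCTYPE declarations.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EcpRequestUnwrapExample { // hypothetical name, not a WSO2 class
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"; // assumed SOAP 1.1
    static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Returns {username, password} from an "Authorization: Basic ..." header value. */
    static String[] basicCredentials(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("missing Basic credentials");
        }
        byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // split on the first ':' only; the password may contain ':'
        if (colon < 1) throw new IllegalArgumentException("malformed credentials");
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Returns the single samlp:AuthnRequest carried in the SOAP Body. */
    static Element authnRequest(byte[] soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Client-supplied XML, parsed pre-authentication: refuse DOCTYPE (XXE, entity expansion).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(soap)).getDocumentElement();
        NodeList bodies = root.getElementsByTagNameNS(SOAP11_NS, "Body");
        if (bodies.getLength() != 1) throw new IllegalArgumentException("expected one SOAP Body");
        NodeList reqs = ((Element) bodies.item(0)).getElementsByTagNameNS(SAMLP_NS, "AuthnRequest");
        if (reqs.getLength() != 1) throw new IllegalArgumentException("expected one AuthnRequest");
        return (Element) reqs.item(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not captured traffic.
        String soap = "<S:Envelope xmlns:S=\"" + SOAP11_NS + "\"><S:Body>"
            + "<samlp:AuthnRequest xmlns:samlp=\"" + SAMLP_NS + "\" ID=\"_constructed1\" Version=\"2.0\"/>"
            + "</S:Body></S:Envelope>";
        String hdr = "Basic " + Base64.getEncoder().encodeToString("alice:s3cret:x".getBytes(StandardCharsets.UTF_8));
        Element req = authnRequest(soap.getBytes(StandardCharsets.UTF_8));
        System.out.println("user=" + basicCredentials(hdr)[0] + " requestId=" + req.getAttribute("ID"));
    }
}
```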