On Fri, Sep 28, 2018 at 12:16 PM Winma Heenatigala <[email protected]> wrote:
> Hi all,
>
> I am working on my project to implement SAML ECP (Enhanced Client or proxy)
> profile for WSO2 Identity Server.
>
> In contrast to the SAML Web based SSO, SAML ECP profile is related to
> browserless clients. The following diagram shows how the message flow
> happens.
>
> For testing purposes I needed an ECP enabled Service Provider and a
> client. For that, I used Shibboleth SP and a Simple Bash client[1] provided
> by Shibboleth.
>
> I created a new Servlet called SAMLECPProviderServlet to capture the SOAP
> bound SAML authentication request sent by the Enhanced Client. The basic
> auth credentials (username and password) were sent by the client to the IDP
> in the HTTP request authorization header. Using a request wrapper, basic
> auth credentials were set to the sectoken parameter, the saml request was
> extracted from the soap envelope and forwarded the new request to the
> SAMLSSOProviderServlet. Then the request could process in the way that the
> Request Path Authenticator works. Inside the SAMLSSOServlet, for the
> requests from the ECP clients, a separate response was created where the
> saml response was enclosed in a soap envelope.
>
> Since the client is browserless there is an issue in providing user
> consents. I am looking for a way that our identity server can use to get
> consents from the users without using the browser. (using the bash
> client). Your valued suggestions are highly appreciated.
>

IMO, we have to do the consent management from the application side. Since the ECP client is not browser based, there is no way to handle the consents from the Identity Server at the moment.

Thanks
Isura.

> Thank you!
>
> --
>
> *Winma Heenatigala*
> *Trainee Software Engineer | WSO2*
>
> *Mobile : +94719132444*

--
*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2 <http://wso2.com/>
*lean.enterprise.middleware*

Email: [email protected]
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
