if you loved SOAP, you'll love SAML. some pitfalls with SAML http://www.youtube.com/watch?v=9Iw3xLj9040
On breaking SAML http://www.nds.rub.de/research/publications/BreakingSAML/ Granted this has been fixed. It's an overly complex mess. I would be shocked if this "fixes" the standard. To be fair, here is IBMs take on SAML http://www.ibm.com/developerworks/xml/library/x-samlmyth/index.html?ca=drs Again, keep in mind they love SOAP, and WS-* and all things XML Bottom line. Why are you using SAML and who will have to consume it. Enterprise types like it, mobile and web developers hate it. On Fri, Feb 7, 2014 at 10:12 AM, Andrew Farnsworth <[email protected]> wrote: > Andrew, > Can you expand on the SAML is Bad vibe you are sending out? We have a > group who is pushing SAML in general and Shibboleth specifically. We are > not far down the path yet so it would be good to know the issues around it. > > Thanks! > > Andy > > > On Fri, Feb 7, 2014 at 10:48 AM, andrew mcelroy <[email protected]> wrote: >> >> sorry that I'm late to this thread, but if you can use Active >> Directory/LDAP, OAuth, or even OpenID you will be much better off. >> to butcher a Simpsons quote: " You don't make friends with SAML. You >> don't make friends with SAML 10X (fade out) " >> >> On Fri, Feb 7, 2014 at 9:44 AM, Jamie Faris <[email protected]> wrote: >> > Here we use CAS [1] for Single Sign On among a few Java web apps. It >> > uses SAML and should be able to work with non-Java apps as well, we >> > just haven't tried yet. It has worked pretty well for us. >> > >> > In our experience Single Sign Out is a much harder problem than Single >> > Sign In. >> > >> > Jamie >> > >> > [1] http://www.jasig.org/cas >> > >> > >> > >> > On Wed, Feb 5, 2014 at 2:24 PM, Howard White <[email protected]> wrote: >> >> Anybody got links on references to SAML? We'd like an overview and >> >> some >> >> thoughts. Comments and war stories appreciated. There has been much >> >> clamor >> >> in the user community for Single Sign On and much wringing of hands and >> >> gnashing of teeth in the development and operations communities trying >> >> to >> >> respond. >> >> >> >> In our specific application, The Service and Identity Providers shall >> >> all be >> >> strictly intranet behind firewalls. >> >> >> >> Howard >> >> >> >> -- >> >> -- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "NLUG" group. >> >> To post to this group, send email to [email protected] >> >> To unsubscribe from this group, send email to >> >> [email protected] >> >> For more options, visit this group at >> >> http://groups.google.com/group/nlug-talk?hl=en >> >> >> >> --- You received this message because you are subscribed to the Google >> >> Groups "NLUG" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> >> an >> >> email to [email protected]. >> >> For more options, visit https://groups.google.com/groups/opt_out. >> > >> > -- >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "NLUG" group. >> > To post to this group, send email to [email protected] >> > To unsubscribe from this group, send email to >> > [email protected] >> > For more options, visit this group at >> > http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "NLUG" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. > > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
