Re: [Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-15 Thread Thilina Madumal
Hi Dilshani,

In the Travelocity app, once the user gets authenticated, on the Travelocity
server side it creates a session (this implementation can be found by
following the SSO-AgentFilter [1]).

Web applications use cookies to communicate details about the sessions
created on the server side to the front-end (or to the browser).
Then when a request comes from the browser to the server side, in the
request header the browser includes the cookies that have been saved against
that particular domain. As a request comes to the server side (Tomcat
container in the Travelocity example), the server side retrieves the session
using these cookie details.

Cookie acceptance policy is different from browser to browser unless
otherwise specified in the cookie spec [2].
So in some cases, some browsers might not accept some cookies. The localhost
domain and IP addresses can be some examples.

When the cookie is not accepted by the browser, it will not send the cookie
back with requests. Because of this, the server side fails to retrieve the
session.
This can be the reason for the problem you face.

Please feel free to ask anything that is not clear.


[1]
https://github.com/wso2-extensions/identity-agent-sso/blob/master/components/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentFilter.java
[2] https://tools.ietf.org/html/rfc6265

Best,
Thilina.



-- 
*Thilina Madumal*
*Software Engineer | **WSO2*
Email: thilina...@wso2.com
Mobile: *+94 774553167*
Web:  http://wso2.com


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
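
Added example, not part of the original thread and not WSO2 code: a reduced model of the RFC 6265 [2] rules for storing and returning a cookie, showing when a session cookie is dropped or withheld if the service provider is reached by IP address instead of hostname. All hosts and addresses are constructed sample values, and the IP test is a simplification.

```javascript
// RFC 6265 domain handling, reduced to the parts relevant to this thread.
// Hosts and addresses below are constructed sample values.

// Simplified IP test: dotted-quad IPv4, or anything containing ':' (IPv6 literal).
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// Section 5.1.3: identical strings, or a dot-separated suffix of a host NAME.
// Suffix matching never applies to IP addresses.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith('.' + domain);
}

// Section 5.3, step 6: decide whether a Set-Cookie is stored.
// Returns null when the user agent must ignore the cookie entirely.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) return { domain: host, hostOnly: true };
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // section 5.2.3
  if (!domainMatches(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Section 5.4: is a stored cookie attached to a request for this host?
function isSent(cookie, requestHost) {
  if (cookie === null) return false;
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain
                         : domainMatches(host, cookie.domain);
}

// [host that set the cookie, Domain attribute, host of the next request]
const scenarios = [
  ['sp.example.com', 'example.com', 'sp.example.com'], // hostname throughout
  ['203.0.113.10',   'example.com', '203.0.113.10'],   // Domain set, reached by IP
  ['203.0.113.10',   '',            '203.0.113.10'],   // host-only cookie, same IP
  ['sp.example.com', '',            '203.0.113.10'],   // set by name, next hit by IP
];

function runScenarios() {
  return scenarios.map(([setHost, domainAttr, nextHost]) =>
    isSent(storeCookie(setHost, domainAttr), nextHost));
}

console.log(runScenarios());
```

A `false` entry means the browser would not return the session cookie, so the server side could not look up the session for that request.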


Re: [Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-13 Thread Dilshani Subasinghe
Hi,

@ Hasintha/Godwin - As Thanuja explained here, it is the session created by
Travelocity which keeps the SAML2 assertion. I misunderstood the scenario as
it is going to be set by the SAML 2 flow by WSO2 IS. I will look into the
Travelocity logic which sets the cookie here.

Thanks Thanuja for the explanation.

Regards,
Dilshani


-- 

Dilshani Subasinghe
Software Engineer - QA *|* WSO2
lean *|* enterprise *|* middleware

Mobile : +94773375185
Blog: dilshani.me




Re: [Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-13 Thread Godwin Shrimal
Hi Dilshani,

What do you mean by "while sending the SAML request it may not set the
session."  and "it may attach session correctly in the request."  ?

I am not clear what you are referring to by attaching session in the request here?


Thanks
Godwin


-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
twitter: https://twitter.com/godwinamila



Re: [Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-13 Thread Thanuja Jayasinghe
Hi Hasintha,

This is the session created by the Travelocity app (SP session), and
Travelocity keeps the SAML2 assertion in that session. So better to have a
look at the logic by which Travelocity sets the cookie after receiving the
SAML2 response from the Identity Server.

Thanks,
Thanuja


-- 
*Thanuja Lakmal*
Associate Technical Lead
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891


Re: [Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-13 Thread Hasintha Indrajee
Hi Dilshani,

In the SAML bearer grant type, there is no session associated with it. If you
have a valid SAML assertion obtained from a trusted IDP (has to be configured
in IS) it should work. What do you mean by session in this context? Also,
the flow you have described seems unclear since you are using Travelocity.
Can you please elaborate more?



-- 
Hasintha Indrajee
WSO2, Inc.
Mobile: +94 771892453


[Dev] [IS] SAML 2 SSO Login Session Issue

2017-11-13 Thread Dilshani Subasinghe
Hi IS Team,

I configured SAML 2 SSO in WSO2 IS 5.3.0 for the scenario of "SAML2 Bearer
Assertion Profile for OAuth 2.0 with WSO2 Travelocity" [1]. It worked well,
and I moved the setup to a cloud instance.

When working in the cloud setup, it was identified that while sending the
SAML request it may not set the session. I used IP instead of hostname.
When we give the hostname in the assertion URL, it may attach the session
correctly in the request.

Is that the expected behavior? Why can't we attach the session correctly with
IP? I tried to use IP as we may have to add hostname as we are accessing it
remotely. Any solution for that?

[1]
https://docs.wso2.com/display/IS530/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity

Thanks,
Dilshani

-- 

Dilshani Subasinghe
Software Engineer - QA *|* WSO2
lean *|* enterprise *|* middleware

Mobile : +94773375185
Blog: dilshani.me

