Re: [Dev] [IAM] - Getting User Consents using Browserless Clients

2018-10-03 Thread Winma Heenatigala
Thank you !

On Fri, Sep 28, 2018 at 12:35 PM Isura Karunaratne wrote:

>
>
> On Fri, Sep 28, 2018 at 12:16 PM Winma Heenatigala wrote:
>
>> Hi all,
>>
>> I am working on my project to implement SAML ECP (Enhanced Client or
>> Proxy) profile for WSO2 Identity Server.
>>
>> In contrast to the SAML Web based SSO, SAML ECP profile is related to
>> browserless clients. The following diagram shows how the message flow
>> happens.
>>
>>
>>
>>
>> For testing purposes I needed an ECP enabled Service Provider and a
>> client. For that, I used Shibboleth SP and a Simple Bash client[1] provided
>> by Shibboleth.
>>
>> I created a new Servlet called SAMLECPProviderServlet to capture the
>> SOAP-bound SAML authentication request sent by the Enhanced Client. The basic
>> auth credentials (username and password) were sent by the client to the IDP
>> in the HTTP request authorization header. Using a request wrapper, basic
>> auth credentials were set to the sectoken parameter, the SAML request was
>> extracted from the SOAP envelope and the new request was forwarded to the
>> SAMLSSOProviderServlet. Then the request could be processed in the way that
>> the Request Path Authenticator works. Inside the SAMLSSOServlet, for the
>> requests from the ECP clients, a separate response was created where the
>> SAML response was enclosed in a SOAP envelope.
>>
>> Since the client is browserless there is an issue in providing user
>> consents. I am looking for a way that our identity server can use to get
>> consents from the users without using the browser (using the bash
>> client). Your valued suggestions are highly appreciated.
>>
>
> IMO, we have to do the consent management from the application side. Since
> the ECP client is not browser based, there is no way to handle the consents
> from the Identity Server at the moment.
>
> Thanks
> Isura.
>
>
>> Thank you!
>>
>> --
>>
>> *Winma Heenatigala*
>> *Trainee Software Engineer | WSO2*
>>
>> *Mobile : +94719132444*
>>
>>
>>
>>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2 
> *lean.enterprise.middleware*
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>

-- 

*Winma Heenatigala*
*Trainee Software Engineer | WSO2*

*Mobile : +94719132444*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] [IAM] - Getting User Consents using Browserless Clients

2018-09-28 Thread Isura Karunaratne
On Fri, Sep 28, 2018 at 12:16 PM Winma Heenatigala wrote:

> Hi all,
>
> I am working on my project to implement SAML ECP (Enhanced Client or Proxy)
> profile for WSO2 Identity Server.
>
> In contrast to the SAML Web based SSO, SAML ECP profile is related to
> browserless clients. The following diagram shows how the message flow
> happens.
>
>
>
>
> For testing purposes I needed an ECP enabled Service Provider and a
> client. For that, I used Shibboleth SP and a Simple Bash client[1] provided
> by Shibboleth.
>
> I created a new Servlet called SAMLECPProviderServlet to capture the
> SOAP-bound SAML authentication request sent by the Enhanced Client. The basic
> auth credentials (username and password) were sent by the client to the IDP
> in the HTTP request authorization header. Using a request wrapper, basic
> auth credentials were set to the sectoken parameter, the SAML request was
> extracted from the SOAP envelope and the new request was forwarded to the
> SAMLSSOProviderServlet. Then the request could be processed in the way that
> the Request Path Authenticator works. Inside the SAMLSSOServlet, for the
> requests from the ECP clients, a separate response was created where the
> SAML response was enclosed in a SOAP envelope.
>
> Since the client is browserless there is an issue in providing user
> consents. I am looking for a way that our identity server can use to get
> consents from the users without using the browser (using the bash
> client). Your valued suggestions are highly appreciated.
>

IMO, we have to do the consent management from the application side. Since
the ECP client is not browser based, there is no way to handle the consents
from the Identity Server at the moment.

Thanks
Isura.


> Thank you!
>
> --
>
> *Winma Heenatigala*
> *Trainee Software Engineer | WSO2*
>
> *Mobile : +94719132444*
>
>
>
>

-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2 
*lean.enterprise.middleware*
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/


[Dev] [IAM] - Getting User Consents using Browserless Clients

2018-09-28 Thread Winma Heenatigala
Hi all,

I am working on my project to implement SAML ECP (Enhanced Client or Proxy)
profile for WSO2 Identity Server.

In contrast to the SAML Web based SSO, SAML ECP profile is related to
browserless clients. The following diagram shows how the message flow
happens.




For testing purposes I needed an ECP enabled Service Provider and a client.
For that, I used Shibboleth SP and a Simple Bash client[1] provided by
Shibboleth.

I created a new Servlet called SAMLECPProviderServlet to capture the
SOAP-bound SAML authentication request sent by the Enhanced Client. The basic
auth credentials (username and password) were sent by the client to the IDP
in the HTTP request authorization header. Using a request wrapper, basic
auth credentials were set to the sectoken parameter, the SAML request was
extracted from the SOAP envelope and the new request was forwarded to the
SAMLSSOProviderServlet. Then the request could be processed in the way that
the Request Path Authenticator works. Inside the SAMLSSOServlet, for the
requests from the ECP clients, a separate response was created where the
SAML response was enclosed in a SOAP envelope.

Since the client is browserless there is an issue in providing user
consents. I am looking for a way that our identity server can use to get
consents from the users without using the browser (using the bash
client). Your valued suggestions are highly appreciated.

Thank you!

-- 

*Winma Heenatigala*
*Trainee Software Engineer | WSO2*

*Mobile : +94719132444*