Saml2 | Saml2 Authentication services for ASP.NET | Authentication library
kandi X-RAY | Saml2 Summary
Community Discussions
Trending Discussions on Saml2
QUESTION
I am using djangosaml2 to authenticate my users. I've been using it for a long time now with no problem. I am currently in the process of upgrading Python and Django to newer versions and the authentication does not work any more. Using the logs, I see that the authentication in djangosaml2 is successful but in my view, the request.user is anonymous user.
Here are the working and non-working library versions that I use:
Python: 2.7 --> 3.8
Django: 1.9 --> 1.11
djangosaml2: 0.17.2 (in both envs.)
pysaml2: 4.0.5 --> 6.5.1 (tested also with 4.0.5)
Additional Info:
I see that the call to /saml2/acs/ redirects to "/" (access to my site) and the response includes the session_id.
The next HTTP call - to "/" - includes the received session_id.
However, in the Dbase I do not see this session id. As the session id is not found in the Dbase, it is indeed considered as anonymous.
Any idea why the session id is not stored?
...ANSWER
Answered 2021-Jun-12 at 12:19
Ok, at last - I have a solution!
The problem arises as in saml2 I deleted the user's pwd in my post authenticate method (for some other reason). This pwd is not something the user is aware of and as such, no harm was done. Turns out that the library creates a password that is used for calculating the session hash code even though the user itself is not aware of this pwd. The session hash is calculated with this pwd. When compared with the calculated hash (based on the user's deleted pwd) the result is False - causing the session to be flushed (and as there is no session, the user is anonymous).
This behavior is not new. Why did it work before, then?
In older Django versions, the get_user (in contrib.auth.__init__) used to check the hash with the following condition:
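The mechanism this answer describes, as an added example that is not the answer's own code and not Django's source: a simplified model of a session that stores an HMAC of the user's password field and is flushed when that field later changes. The class, function names, key salt and secret are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET_KEY = "constructed-secret-key"   # constructed sample value
KEY_SALT = "constructed-key-salt"       # assumption: stands in for the framework's salt


def session_auth_hash(password_field: str) -> str:
    """HMAC of the stored password field, keyed from salt + secret (simplified)."""
    key = hashlib.sha256((KEY_SALT + SECRET_KEY).encode()).digest()
    return hmac.new(key, password_field.encode(), hashlib.sha256).hexdigest()


class User:
    def __init__(self, username: str, password_field: str):
        self.username = username
        self.password_field = password_field   # stored hash or "unusable" marker


def login(session: dict, user: User) -> None:
    """Record the user id and the hash of the password field as it is right now."""
    session["user_id"] = user.username
    session["auth_hash"] = session_auth_hash(user.password_field)


def get_user(session: dict, users: dict):
    """Return the user, or None (anonymous) after flushing a stale session."""
    user = users.get(session.get("user_id"))
    if user is None:
        return None
    expected = session_auth_hash(user.password_field)
    if not hmac.compare_digest(session.get("auth_hash", ""), expected):
        session.clear()                          # models the session flush
        return None
    return user


def demo():
    """Password field is wiped after the session hash was stored."""
    users = {"alice": User("alice", "!constructed-unusable-marker")}
    session = {}
    login(session, users["alice"])
    seen_before = get_user(session, users) is not None
    users["alice"].password_field = ""           # the post-authenticate wipe
    anonymous_after = get_user(session, users) is None
    return seen_before, anonymous_after, session
```

The same check is what logs out other sessions after a password change, so anything that rewrites the password field after login has this side effect.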
QUESTION
Actually, we use Google IdP as a SSO / SAML authentication type for our application. We have configured it to connect our users to our application and it works fine. But recently, we have also wanted to ask a reauthentication to our users for different actions that could happen during the application lifecycle.
In deeper details, when we send a SAML request to the Google IdP, we add the attribute ForceAuthn="true" in the node "AuthnRequest" and we also add an AuthnContextClassRef to ask explicitly that we want a reauthentication by credentials.
When we send this SAML request to the Google IdP, the problem is that the IdP server doesn't ask credentials to the end user and redirects directly to the application with a successful response.
Is that normal? Does the Google IdP support the attribute ForceAuthn="true"? I didn't find any documentation on this topic.
Here is an example of the SAML request that has been sent to the IdP:
...ANSWER
Answered 2021-Jun-10 at 09:00
Official answer from Google support: "Google doesn't currently implement Single Log out/account reauthentication, for SAML authorized services. You may alternatively have the use of "session lengths"".
QUESTION
I'm validating AAD-SSO for TestWebApp(ASP.NET MVC) ITfoxtec / ITfoxtec.Identity.Saml2.
I confirmed login -> AAD sign-in -> Redirect to app but app still remains not logging-in.
I assigned "https://localhost:***/Metadata" as Redirect Uri.
I checked the other settings from another post.
However that means the app only makes a xml file.
Tell the procedure if there's anyone who succeeded logging-in on app?
Or do I have to build new logic?
e.g. of logic) receive session from AAD and
ANSWER
Answered 2021-Jun-10 at 07:57
The https://localhost:***/Metadata is the metadata URL. AAD needs to redirect back to the application's AssertionConsumerService endpoint.
You can have AAD reading the metadata or you can configure the AssertionConsumerService endpoint manually in AAD.
QUESTION
For my Django application, I am trying to enable SSO using Djangosaml2 and following are the versions I am using
djangosaml2==1.2.0
pysaml2==7.0.0
djangorestframework==3.12.2
Django==3.1.7
python==3.8
My saml2_settings is as follows
...ANSWER
Answered 2021-Jun-07 at 13:30
I ended up doing the following two things, then it started working for me:
- Downgraded the djangosaml2 and pysaml version to 0.19.0 and 4.9.0 respectively.
- For HTTPS connection, added SESSION_COOKIE_SECURE = True and for dev i.e. run server cases, SESSION_COOKIE_SECURE = False in your settings.py
QUESTION
I'm trying to implement ITfoxtec.Identity.Saml2 library to send AuthnRequest to IdP with redirect binding. The IdP requires ds:Signature element to be presented in AuthnRequest, but when I set saml2Configuration.SignAuthnRequest to true as recommended here, the Signature element is still not there. It works with post binding, but I would like to use redirect binding.
In the code I see there is XmlDocument = XmlDocument.SignDocument(...) in Saml2PostBinding.BindInternal() but it is not in Saml2RedirectBinding.BindInternal()
Is there any reason why it is not in redirect binding as well? Am I somehow able to get Signature element there?
Thank you.
...ANSWER
Answered 2021-Jun-03 at 18:58
If an AuthnRequest is signed using a PostBinding the signature is added to the XML.
But if you do a RedirectBinding the signature and sign method are added as URL parameters alongside the SAMLRequest parameter, like this example:
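How a redirect-binding query string carries the signature, as an added example that is not the answer's elided example and not ITfoxtec code: it builds the SAMLRequest, RelayState and SigAlg parameters, and shows how a receiver recovers the exact octets the Signature parameter covers. The sample request, the RelayState value and the signature bytes are constructed placeholders; no real RSA signing is performed.

```python
import base64
import zlib
from urllib.parse import quote, unquote

SIGALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Constructed sample request; note it contains no ds:Signature element.
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_constructed1" Version="2.0"/>')


def encode_request(xml: str) -> str:
    """Raw DEFLATE (no zlib header), then base64, as the redirect binding does."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def decode_request(value: str) -> str:
    return zlib.decompress(base64.b64decode(value), -15).decode()


def string_to_sign(request_b64: str, relay_state=None, sigalg: str = SIGALG) -> bytes:
    """Octets covered by the signature: fixed order, URL-encoded values."""
    parts = ["SAMLRequest=" + quote(request_b64, safe="")]
    if relay_state is not None:
        parts.append("RelayState=" + quote(relay_state, safe=""))
    parts.append("SigAlg=" + quote(sigalg, safe=""))
    return "&".join(parts).encode()


def build_query(xml: str, relay_state, signature: bytes) -> str:
    """Append the base64, URL-encoded signature as its own query parameter."""
    signed = string_to_sign(encode_request(xml), relay_state).decode()
    return signed + "&Signature=" + quote(base64.b64encode(signature).decode(), safe="")


def split_signed_query(raw_query: str):
    """Receiver side: (signed octets, SigAlg, signature bytes) from the raw
    query string, reusing the values exactly as sent instead of re-encoding."""
    raw = dict(p.split("=", 1) for p in raw_query.split("&"))
    order = [k for k in ("SAMLRequest", "RelayState", "SigAlg") if k in raw]
    signed = "&".join(f"{k}={raw[k]}" for k in order).encode()
    return signed, unquote(raw["SigAlg"]), base64.b64decode(unquote(raw["Signature"]))
```

A verifier checks the signature over the octets returned by `split_signed_query`; rebuilding them from decoded values can change the percent-encoding and make a valid signature fail.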
QUESTION
I'm using the ITfoxtec Identity SAML2 library with Keycloak as IdP. When requesting the IdP metadata information, the ITfoxtec Identity SAML2 library seems not to recognize the tag and expects a as the top level element in the metadata xml. Use of is described in https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
...ANSWER
Answered 2021-May-18 at 10:45
I have released version 4.6.2-beta1 with support for reading SAML 2.0 metadata with an EntitiesDescriptor root element. The first EntityDescriptor element is selected.
Please let me know if it works for you.
QUESTION
I am trying to add a new custom authentication-provider with a WLST online-mode script but I get a class not found exception despite I can see my provider on the WL console.
This is the situation:
- I have a JAR file, it contains a custom WebLogic authentication-provider.
- The JAR is copied under the user_projects/domains/$DOMAIN_NAME/lib/ directory.
- I can see the custom auth provider on the WL console, appears in the list: Home > Security Realms > myrealm > Providers > new> Type
- I can add this custom provider by hand via WL Console.
But I need to automate this step so I have created a WLST script for this. The relevant part of the WLST is this:
...ANSWER
Answered 2021-Mar-16 at 10:32
I added my JAR to the WLST classpath, but this did not help.
- I changed the CLASSPATH variable because the wlst.sh executes a java command in the background so this standard variable must be considered. It did not work.
- I added the -cp JVM param manually to the java command that starts the WLST. It did not work.
The only workaround that worked for me is the following:
- for WL console: copy the JAR that contains the custom authentication provider under $ORACLE_HOME/user_projects/domains/$DOMAIN_NAME/lib/ directory
- for WLST: copy the JAR to $ORACLE_HOME/wlserver/server/lib/mbeantypes/
The 2nd copy solved the class not found issue thrown by the WLST.
If you know a better, more standard way, please let me know.
QUESTION
I'm using the ITfoxtec.Identity.Saml2 package and have it connected to the Danish NemLog-in 3. How do I require the NSIS level High in a SAML 2.0 Authn Request?
...ANSWER
Answered 2021-May-12 at 10:05
You can add a RequestedAuthnContext to the Saml2AuthnRequest and with that add an AuthnContextClassRef requiring the NSIS level High (https://data.gov.dk/concept/core/nsis/loa/High).
Set the Comparison to Minimum.
QUESTION
I am using openconnect --protocol=gp vpn.mysite.com and it says it's connecting, but it is waiting for the SAML authentication. The command and authentication work on my Debian machine, where it prompts for a username and password, but trying on my other Linux machine it does not seem to want to prompt for authentication. This is the output:
...ANSWER
Answered 2021-May-09 at 01:15
Solved by adding --usergroup=gateway to the command,
so the total command that works is
QUESTION
I followed Spring Security SAML2 Using G Suite as IdP. Cannot resolve method 'saml2login' in 'Http Security'. I am getting this error, somebody plz help.
...ANSWER
Answered 2021-May-07 at 14:46
Solution: I am using spring boot 2.1.x version in my project. On changing it to 4.2.1, issue is solved.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported