saml | A simple , secure , pluggable Golang implementation of SAML | Authentication library

Regarding the heading, can someone tell me what is the latest version of opensaml-saml-api?

I can see that on maven repository(https://repo1.maven.org/maven2/org/opensaml/opensaml-saml-api/) it's latest version is listed as 4.0.1

Is there any other official site where I can get hold of latest opensaml version information?

I have a application build with .NET Core. This application is very simple, but the problem is that I have to integrate a 2FA app (PingId) for double security instead of one simple Login. I am guided to use SAML, for building bridges between Service Provider and Identity Provider. I have found some solutions online, and one of them that is open source is itfoxtec.identity.saml2.

What I want to know is that, is there anyone who can clear the way how this works? I mean I cannot understand some url in appsetting.json file.

Here is a demo of this file:

https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/appsettings.json

For example IdPMetadata key is a xml file that has to be provided by Identity Provider administrator?

SigningCertificateFile is a generated certificate by my Service Provider app or is something builded inside the application, if that is how to generate it?

We have a server with about a dozen small applications each in their own subfolder of the server (//URL/app1, //URL/app2, etc).

I've got the basic SSO authentication round trip working. I set up my account with my IDP and have the response set to go to a common landing page (ACS URL). Since the landing page is currently shared with all the apps, it is in a separate folder distinct from the apps (//URL/sso/acsLandingPage.cfm)

I'm now working on my first app. I can detect the user is not logged in so I do a initSAMLAuthRequest(idp, sp, relayState: "CALLING_PAGE_URL") and that goes out, authenticates, then returns to the landing page.

But how do I redirect back to my target application and tell it the user is authenticated?

If I just do a the original app doesn't know about the SAML request.

Is there a function that I can call in the original app that will tell if the current browser/user has an open session?

Do I need to set up separate SP for each application so rather than one common landing page each app would have its own landing page so it can set session variables to pass back to the main application? (the IDP treats our apps as "one server", I can get separate keys if that is the best way to deal with this).

My current working idea for the ACS landing page is to parse the relayState URL to find out which application started the init request and then do something like this:

ACSLandingPage.cfm

I had to update simplesamlphp on an old PHP server, the old version of the library was from 2010. Simplesamlphp is used as a Service Provider (SP) in a SP initiated enviroment.

I replaced it with the 09/'20 release and configured it the same. It's all working except one thing.

Simplesamlphp uses the PHPSESSION to store the session, by feature it replaces the php session with his and should set the old one again once the cleanup() method is called (on the session instance), after the authentication's complete.

This is not working, but I was fine with it because it didn't matter for the user.

Now I have to implement a button to test the SAML integration on a protected page. By protected I mean it requires to be authenticated (through Zend Auth) to view the page, otherwise it automatically redirects (server side) the user to the homepage.

This is the code of the Action of this button (to test the SAML integration), that is inside this protected controller:

Is it possible to set a AssertionConsumerServiceIndex in a AuthnRequest like this SAML example below with ITfoxtec SAML 2.0

I want to have somethings like this:

I want to build a site hosted with Spring Boot and I would like to use AWS SSO as the SAML identity provider for authentication. I have built a PoC application and tried to follow AWS configuration instructions and the Spring SAML examples I could find, but when I browse to my site (on localhost), AWS SSO successfully opens but then fails with "Bad Input".

In my PoC application (which only has code for the authentication and an index page) I have:

• added the spring-security-saml2-service-provider dependency (Spring Boot v2.6.2)
• set up a Custom Application in AWS SSO
• generated a private key and a self-signed certificate
• configured my application properties as follows:

In the below code is there any way I can parameterize the sst part.

I tried with concat and other methods like set ssourl=url, sst = $ssourl but of no luck. And many other methods like using concat, Identifier.

I can't parameterize cert since it has limit of 256 bytes. Is there any way I can parameterize sst in the below code. Thanks

I'm trying to configure AWS Cognito to work with ADFS as a SAML provider in a dotnet core 3.1 MVC application. I believe I have ADFS and Cognito correctly configured as I can log into the application using a user in ADFS. I am at a stage where I can login and logout, however when logging out ADFS throws the error:

MSIS7054: The SAML logout did not complete properly.

This does still log the user out of ADFS. I think I’ve narrowed it down to the SAML logout messages ADFS receives need to be signed. References: here, here and here

Amazon describe how to do this from there end

To set up the SAML IdP to add a signing certificate: To get the certificate containing the public key which will be used by the identity provider to verify the signed logout request, choose Show signing certificate under Active SAML Providers on the SAML dialog under Identity providers on the Federation console page.

However, I’m not sure how I take their public key (which is just a string) and provided that to ADFS. The only thing I can seem to find is an encryption tab, that takes a certificate file (Is there some conversion thing I need to do?). I have tried this, which is putting the key inside a .cert file and adding to the relaying party encryption tab of ADFS, however this did not work.

Any help would be appreciated.

Thanks, Adam

Our identity server uses identity server 3 and implements sustainsys.saml2 for SAML integration. We have made an effort to move from v1 to v2 of the SustainSys.Saml2 NuGets. With v1, we explicitly set our audience restrictions by doing: