Introduction to SAML 2.0
 

Slides from a tech talk I gave about SAML 2.0 and Liferay

  • I am implementing a scenario where Liferay will act as SP where Azure AD acts as IdP. We configure metadata in SP using # The metadata location for Identity Provider
    saml.metadata.paths= . Do we need to configure metadata at IdP side as well?
  • @NeelamSolenki Liferay does not support SAML 1.0
  • Hi,
    Can you please share the SAML 1.0 metadata template file, since I need to integrate a partner using SAML 1.0
  • Thanks Mika; the SalesForce YouTube offers rapid learning... now into Liferay specific I go...
  • Nice presentation. If you need to support CE, AssureBridge makes a Liferay IDP and SP adapter that supports SAML 1.1, SAML 2.0, OpenID, WS-Federation, LDAP and Active Directory.

    http://www.assurebridge.com/integrations/liferay-saml-single-sign-on-integration/

    Thanks,

    Oleg
    Introduction to SAML 2.0 Presentation Transcript

    • Introduction to SAML 2.0
        • Mika Koivisto, Senior Software Engineer
    • Agenda
        • Introduction
        • SAML Concepts
        • Liferay and SAML 2.0
        • Demo
    • What is SAML?
        • Security Assertion Markup Language
        • XML based protocol
        • OASIS approved standard
        • SAML 1.0 November 2002
        • SAML 1.1 September 2003
        • SAML 2.0 March 2005
        • Flexible and extensible protocol designed to be used by other standards
    • SAML Roles
        • Identity Provider (IdP) / Asserting party
        • Service Provider (SP) / Relying party
        • User
    • Advantages of SAML
        • Platform neutral
        • Loose coupling of directories
        • Improved online experience for end users
        • Supported by many SaaS applications
        • Increased security
        • Strong commercial and open source support
    • Use cases
        • Web Single Sign-On
        • Attribute based authorization
        • Identity Federation
        • WS-Security
    • SAML Concepts
    • Protocols
        • Authentication Request Protocol
        • Assertion Query and Request Protocol
        • Artifact Resolution Protocol
        • Name Identifier Management Protocol
        • Name Identifier Mapping Protocol
        • Single Logout Protocol
    • Bindings
        • HTTP Redirect Binding
        • HTTP Post Binding
        • HTTP Artifact Binding
        • SAML SOAP Binding
        • Reverse SOAP (PAOS) Binding
        • SAML URI Binding
    • Profiles
        • Web Browser SSO Profile
        • Enhanced Client and Proxy (ECP) Profile
        • Identity Provider Discovery Profile
        • Single Logout Profile
        • Assertion Query/Request Profile
        • Artifact Resolution Profile
        • Name Identifier Management Profile
        • Name Identifier Mapping Profile
    • Liferay and SAML 2.0
        • Available as an EE plugin
        • Supports two operation modes
            • Identity Provider
            • Service Provider
        • Built on top of OpenSAML
        • Uses Java keystore for credentials
        • Configured using SAML metadata and portal(-ext).properties
    • Features
        • IdP initiated Web SSO
        • SP initiated Web SSO
        • SP initiated Single Logout
        • IdP initiated Single Logout
        • Consumes and Produces SAML Metadata
        • Attribute statement generation (IdP)
        • JIT provisioning using attribute statements (SP)
    • IdP Supported Bindings
        • Web Single Sign-On Profile
            • HTTP Redirect Binding (AuthnRequest)
            • HTTP Post Binding (AuthnRequest and Response)
        • Single Logout Profile
            • HTTP Redirect Binding (SP initiated only)
            • SAML SOAP Binding (IdP to SP only)
    • SP Supported Bindings
        • Web Single Sign-On Profile
            • HTTP Redirect Binding (AuthnRequest)
            • HTTP Post Binding (Response)
        • Single Logout Profile
            • HTTP Redirect Binding (SP initiated only)
            • SAML SOAP Binding (IdP to SP only)
    • SP initiated Single Sign-On
    • IdP initiated Single Sign-On
    • SP Initiated Single Logout
    • IdP Initiated Single Logout
    • Configuration - IdP
        • Create keystore with signing key
            keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048
        • Create portal-ext.properties
            saml.enabled=true
            saml.role=idp
            saml.entity.id=liferaysamlidpdemo
            saml.metadata.paths=${liferay.home}/saml/salesforce.xml,http://beta.test.com:9080/c/portal/saml/metadata
            saml.keystore.type=jks
            saml.keystore.path=${liferay.home}/data/keystore.jks
            saml.keystore.password=liferay
            saml.keystore.credential.password[liferaysamlidpdemo]=liferay
    • Configuration - SP
        • Create keystore with signing key
            keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048
        • Create portal-ext.properties
            saml.enabled=true
            saml.role=sp
            saml.entity.id=liferaysamlspdemo
            saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata
            saml.sp.default.idp.entity.id=liferaysamlidpdemo
            saml.keystore.type=jks
            saml.keystore.path=${liferay.home}/data/keystore.jks
            saml.keystore.password=liferay
            saml.keystore.credential.password[liferaysamlspdemo]=liferay
    • Extension points
        • com.liferay.saml.resolver.AttributeResolver
        • com.liferay.saml.resolver.NameIdResolver
        • saml-spring.xml
        • com.liferay.saml.profile.SingleLogoutProfile
        • com.liferay.saml.profile.WebSsoProfile
    • Demo
        • SalesForce.com
        • Google Apps
        • Liferay Service Provider
    • Resources
        • http://saml.xml.org/saml-specifications
        • Liferay SAML plugin config reference: http://bit.ly/lrsamlplugin
        • Difficulties of Single Logout: https://wiki.shibboleth.net/confluence/display/SHIB2/SLOIssues
        • Seamless Single Sign-On with SAML (salesforce): http://www.youtube.com/watch?v=Gztz6h0LgA8
    • Thank You!
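
The portal-ext.properties settings from the two Configuration slides carry demo values (the `liferay` password, a metadata URL fetched over plain HTTP) that should not survive into a real deployment. The script below is an added example, not part of the talk or of the Liferay SAML plugin, that checks a properties file for them. The function names, the finding codes and the loopback exemption are this example's own, and it assumes, as on the slides, that the key alias equals `saml.entity.id`.

```python
from urllib.parse import urlsplit

DEMO_PASSWORDS = {"liferay"}  # password used throughout the slides' demo
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Minimal .properties reader: comments, key=value, backslash continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
        elif line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_saml(props):
    """Return sorted finding codes (names are this example's own) for saml.* keys."""
    findings = set()
    entity_id = props.get("saml.entity.id", "")
    paths = [p.strip() for p in props.get("saml.metadata.paths", "").split(",")]
    if not any(paths):
        findings.add("metadata-missing")
    for url in map(urlsplit, paths):
        # Metadata carries the peer's signing certificate; plain HTTP can be altered.
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.add("metadata-over-http")
    # Assumption taken from the slides: the key alias equals saml.entity.id.
    key_pw = props.get(f"saml.keystore.credential.password[{entity_id}]")
    if key_pw is None:
        findings.add("credential-password-missing")
    if {props.get("saml.keystore.password"), key_pw} & DEMO_PASSWORDS:
        findings.add("demo-password")
    if props.get("saml.role") == "sp" and not props.get("saml.sp.default.idp.entity.id"):
        findings.add("default-idp-missing")
    return sorted(findings)

# Constructed sample: the IdP settings from the "Configuration - IdP" slide.
SLIDE_IDP = """saml.role=idp
saml.entity.id=liferaysamlidpdemo
saml.metadata.paths=${liferay.home}/saml/salesforce.xml,\\
    http://beta.test.com:9080/c/portal/saml/metadata
saml.keystore.password=liferay
saml.keystore.credential.password[liferaysamlidpdemo]=liferay
"""

if __name__ == "__main__":
    print(audit_saml(parse_properties(SLIDE_IDP)))
```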