Introduction to SAML 2.0
Mika Koivisto, Senior Software Engineer
Slides from a tech talk I gave about SAML 2.0 and Liferay

Published in: Technology
  • I am implementing a scenario where Liferay will act as SP where Azure AD acts as IDP. We configure metadata in SP using # The metadata location for Identity Provider
    saml.metadata.paths= . Do we need to configure metadata at IDP side as well?
  • @NeelamSolenki Liferay does not support SAML 1.0
  • Hi,
    Can you please share the SAML 1.0 metadata template file, since I need to integrate a partner using SAML 1.0.
  • Thanks Mika; the SalesForce YouTube offers rapid learning... now into Liferay specific I go...
  • Nice presentation. If you need to support CE, AssureBridge makes a Liferay IDP and SP adapter that supports SAML 1.1, SAML 2.0, OpenID, WS-Federation, LDAP and Active Directory.

    http://www.assurebridge.com/integrations/liferay-saml-single-sign-on-integration/

    Thanks,

    Oleg
Introduction to SAML 2.0

  1. Introduction to SAML 2.0
     • Mika Koivisto
     • Senior Software Engineer
  2. Agenda
     • Introduction
     • SAML Concepts
     • Liferay and SAML 2.0
     • Demo
  3. What is SAML?
     • Security Assertion Markup Language
     • XML based protocol
     • OASIS approved standard
         • SAML 1.0 November 2002
         • SAML 1.1 September 2003
         • SAML 2.0 March 2005
     • Flexible and extensible protocol designed to be used by other standards
  4. SAML Roles
     • Identity Provider (IdP) / Asserting party
     • Service Provider (SP) / Relying party
     • User
  5. Advantages of SAML
     • Platform neutral
     • Loose coupling of directories
     • Improved online experience for end users
     • Supported by many SaaS applications
     • Increased security
     • Strong commercial and open source support
  6. Use cases
     • Web Single Sign-On
     • Attribute based authorization
     • Identity Federation
     • WS-Security
  7. SAML Concepts
  8. Protocols
     • Authentication Request Protocol
     • Assertion Query and Request Protocol
     • Artifact Resolution Protocol
     • Name Identifier Management Protocol
     • Name Identifier Mapping Protocol
     • Single Logout Protocol
  9. Bindings
     • HTTP Redirect Binding
     • HTTP Post Binding
     • HTTP Artifact Binding
     • SAML SOAP Binding
     • Reverse SOAP (PAOS) Binding
     • SAML URI Binding
  10. Profiles
     • Web Browser SSO Profile
     • Enhanced Client and Proxy (ECP) Profile
     • Identity Provider Discovery Profile
     • Single Logout Profile
     • Assertion Query/Request Profile
     • Artifact Resolution Profile
     • Name Identifier Management Profile
     • Name Identifier Mapping Profile
  11. Liferay and SAML 2.0
     • Available as an EE plugin
     • Supports two operation modes
         • Identity Provider
         • Service Provider
     • Built on top of OpenSAML
     • Uses Java keystore for credentials
     • Configured using SAML metadata and portal(-ext).properties
  12. Features
     • IdP initiated Web SSO
     • SP initiated Web SSO
     • SP initiated Single Logout
     • IdP initiated Single Logout
     • Consumes and Produces SAML Metadata
     • Attribute statement generation (IdP)
     • JIT provisioning using attribute statements (SP)
  13. IdP Supported Bindings
     • Web Single Sign-On Profile
         • HTTP Redirect Binding (AuthnRequest)
         • HTTP Post Binding (AuthnRequest and Response)
     • Single Logout Profile
         • HTTP Redirect Binding (SP initiated only)
         • SAML SOAP Binding (IdP to SP only)
  14. SP Supported Bindings
     • Web Single Sign-On Profile
         • HTTP Redirect Binding (AuthnRequest)
         • HTTP Post Binding (Response)
     • Single Logout Profile
         • HTTP Redirect Binding (SP initiated only)
         • SAML SOAP Binding (IdP to SP only)
  15. SP initiated Single Sign-On
  16. IdP initiated Single Sign-On
  17. SP Initiated Single Logout
  18. IdP Initiated Single Logout
  19. Configuration - IdP
     • Create keystore with signing key
         keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048
     • Create portal-ext.properties
         saml.enabled=true
         saml.role=idp
         saml.entity.id=liferaysamlidpdemo
         saml.metadata.paths=${liferay.home}/saml/salesforce.xml,http://beta.test.com:9080/c/portal/saml/metadata
         saml.keystore.type=jks
         saml.keystore.path=${liferay.home}/data/keystore.jks
         saml.keystore.password=liferay
         saml.keystore.credential.password[liferaysamlidpdemo]=liferay
  20. Configuration - SP
     • Create keystore with signing key
         keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048
     • Create portal-ext.properties
         saml.enabled=true
         saml.role=sp
         saml.entity.id=liferaysamlspdemo
         saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata
         saml.sp.default.idp.entity.id=liferaysamlidpdemo
         saml.keystore.type=jks
         saml.keystore.path=${liferay.home}/data/keystore.jks
         saml.keystore.password=liferay
         saml.keystore.credential.password[liferaysamlspdemo]=liferay
  21. Extension points
     • com.liferay.saml.resolver.AttributeResolver
     • com.liferay.saml.resolver.NameIdResolver
     • saml-spring.xml
     • com.liferay.saml.profile.SingleLogoutProfile
     • com.liferay.saml.profile.WebSsoProfile
  22. Demo
     • SalesForce.com
     • Google Apps
     • Liferay Service Provider
  23. Resources
     • http://saml.xml.org/saml-specifications
     • Liferay SAML plugin config reference: http://bit.ly/lrsamlplugin
     • Difficulties of Single Logout: https://wiki.shibboleth.net/confluence/display/SHIB2/SLOIssues
     • Seamless Single Sign-On with SAML (salesforce): http://www.youtube.com/watch?v=Gztz6h0LgA8
  24. Thank You!
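
An added example, not part of the original slides or the Liferay plugin: a small Python audit of the portal-ext.properties settings shown on slides 19 and 20, flagging metadata locations fetched over plain HTTP and keystore passwords left at the demo value. The function names, the 16-character minimum and the sample text are assumptions of this example.

```python
import re

# Constructed input: the SP settings from slide 20 as one portal-ext.properties text.
SLIDE_SP = """\
saml.enabled=true
saml.role=sp
saml.entity.id=liferaysamlspdemo
saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata
saml.sp.default.idp.entity.id=liferaysamlidpdemo
saml.keystore.type=jks
saml.keystore.path=${liferay.home}/data/keystore.jks
saml.keystore.password=liferay
saml.keystore.credential.password[liferaysamlspdemo]=liferay
"""

DEMO_PASSWORDS = {"liferay"}  # the value published on the slides
CRED_KEY = re.compile(r"saml\.keystore\.credential\.password\[(.+)\]")


def parse_properties(text):
    """Parse key=value lines; skip blanks and '#'/'!' comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def weak_password(value, min_len):
    """Policy assumed by this example: reject demo values and short secrets."""
    return value in DEMO_PASSWORDS or len(value) < min_len


def audit(text, min_len=16):
    """Return sorted (key, finding) pairs for the settings the slides show."""
    props, findings = parse_properties(text), []
    for path in props.get("saml.metadata.paths", "").split(","):
        # Metadata carries the peer's signing certificate; over plain HTTP a
        # network attacker can substitute it unless its signature is verified.
        if path.strip().lower().startswith("http://"):
            findings.append(("saml.metadata.paths", "plain HTTP: " + path.strip()))
    for key, value in props.items():
        if key == "saml.keystore.password" or CRED_KEY.fullmatch(key):
            if weak_password(value, min_len):
                findings.append((key, "demo or short password"))
    return sorted(findings)
```

Calling `audit(SLIDE_SP)` returns three findings: both keystore password keys and the HTTP metadata path.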
