SAML request and response in JAVA

First, let me tell you what my situation is. I have 3 service providers and 1 identity provider. (i.e. I am a service provider as well as an identity provider). I want to implement SSO using SAML.
I am writing a SAML request like this:



I can send the request properly. I don't understand how I should react. There are many attributes in the response code like Digest, Certificate, etc,. What are they?

Is there a rule that I should only follow the SAML protocol. Can I create my own protocol since I am a Service and also an Identity Provider?


source to share

1 answer

The following is a snippet of SAML V2.0 Technical Overview . The document is really worth a look. After that, you must define your business use case, select a profile for that use case, and implement the protocol that matches that profile. If the profile does not exist, you can define your own protocol. The request and response attributes will depend on the profile.

SAML consists of building block components that, when combined, can support multiple use cases. Components generally allow the transfer of identification, authentication, attribute, and authorization information between autonomous organizations that have established trust relationships.

The core SAML specification defines the structure and content of both assertions and protocol messages used to convey this information.

SAML assertions contain assertions about a principle asserted by an assertive party. The actual structure and content of the claim is determined by the XML Schema of the SAML claim. Claims are usually created by the declaring party based on some kind of request from the relying party, although under certain circumstances, assertions may be transferred to the relying party in an unsolicited manner. SAML protocol messages are used to create SAML-specific requests and return appropriate responses. The structure and content of these messages is defined by an XML schema defined by SAML.

The means by which lower layer communication or messaging protocols (such as HTTP or SOAP) are used to pass SAML messages between participants is defined by SAML bindings.

Next, SAML profiles are defined to suit a specific business use case, such as a Web browser SSO profile. Profiles typically define content restrictions on SAML claims, protocols, and bindings in order to allow interoperable business use. There are also non-message and protocol bindings attribute profiles that define how attribute information is exchanged using assertions in ways that are consistent with a number of common usage environments (eg, X.500 / LDAP, DCE).



All Articles