SlideShare a Scribd company logo

Introduction to SAML 2.0

Mika Koivisto
Mika Koivisto

Slides from a tech talk I gave about SAML 2.0 and Liferay

Technology
1 of 24
Introduction to SAML 2.0 Mika Koivisto Senior Software Engineer
Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
SAML Concepts
Protocols Authentication Request Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
Bindings HTTP Redirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
Profiles Web Browser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
Liferay and SAML 2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
Features IdP initiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
SP initiated Single Sign-On
IdP initiated Single Sign-On
SP Initiated Single Logout
IdP Initiated Single Logout
Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
Demo SalesForce.com Google Apps Liferay Service Provider
Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8
Thank You!

Recommended

IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuthDan Brinkmann
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol OverviewMike Schwartz
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML Programming Talents
 
SSO introduction
SSO introductionSSO introduction
SSO introductionAidy Tificate
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On ConsiderationsVenkat Gattamaneni
 

Recommended

IdP, SAML, OAuth
IdP, SAML, OAuthIdP, SAML, OAuth
IdP, SAML, OAuthDan Brinkmann
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol OverviewMike Schwartz
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML Programming Talents
 
SSO introduction
SSO introductionSSO introduction
SSO introductionAidy Tificate
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On ConsiderationsVenkat Gattamaneni
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1Shawn Ismail
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 

More Related Content

What's hot

OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Đỗ Duy Trung
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1Shawn Ismail
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 

What's hot (20)

OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API Security
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
CyberArk
CyberArkCyberArk
CyberArk
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting Started
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
48. Azure Active Directory - Part 1
48. Azure Active Directory - Part 148. Azure Active Directory - Part 1
48. Azure Active Directory - Part 1
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 

Similar to Introduction to SAML 2.0

Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-OnAaron King
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLJ V
 
How to break SAML if I have paws?
How to break SAML if I have paws?How to break SAML if I have paws?
How to break SAML if I have paws?GreenD0g
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialPrabath Siriwardena
 
AEM GEMS Session SAML authentication in AEM
AEM GEMS Session SAML authentication in AEMAEM GEMS Session SAML authentication in AEM
AEM GEMS Session SAML authentication in AEMAdobeMarketingCloud
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforcedeimos
 
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014Amazon Web Services
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible IdentityForgeRock
 
Seattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js WorkshopSeattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js WorkshopJimmy Guerrero
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityOliver Pfaff
 
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...Luis Benitez
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomQConLondon2008
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMPaul Madsen
 

Similar to Introduction to SAML 2.0 (20)

Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSO
 
Solving Single-Sign-On
Solving Single-Sign-OnSolving Single-Sign-On
Solving Single-Sign-On
 
Open sso fisl9.0
Open sso fisl9.0Open sso fisl9.0
Open sso fisl9.0
 
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAMLAlfresco: Implementing secure single sign on (SSO) with OpenSAML
Alfresco: Implementing secure single sign on (SSO) with OpenSAML
 
SAML Smackdown
SAML SmackdownSAML Smackdown
SAML Smackdown
 
How to break SAML if I have paws?
How to break SAML if I have paws?How to break SAML if I have paws?
How to break SAML if I have paws?
 
WSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server TutorialWSO2Con USA 2014 - Identity Server Tutorial
WSO2Con USA 2014 - Identity Server Tutorial
 
AEM GEMS Session SAML authentication in AEM
AEM GEMS Session SAML authentication in AEMAEM GEMS Session SAML authentication in AEM
AEM GEMS Session SAML authentication in AEM
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Dave Carroll Application Services Salesforce
Dave Carroll Application Services SalesforceDave Carroll Application Services Salesforce
Dave Carroll Application Services Salesforce
 
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014
(SEC310) Integrating AWS with External Identity Management | AWS re:Invent 2014
 
Incredible Edible Identity
Incredible Edible IdentityIncredible Edible Identity
Incredible Edible Identity
 
Seattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js WorkshopSeattle StrongLoop Node.js Workshop
Seattle StrongLoop Node.js Workshop
 
Identity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric IdentityIdentity 2.0 and User-Centric Identity
Identity 2.0 and User-Centric Identity
 
Oracle API Gateway
Oracle API GatewayOracle API Gateway
Oracle API Gateway
 
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
 
Saml
SamlSaml
Saml
 
Application Services On The Web Sales Forcecom
Application Services On The Web Sales ForcecomApplication Services On The Web Sales Forcecom
Application Services On The Web Sales Forcecom
 
A recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdMA recipe for standards-based Cloud IdM
A recipe for standards-based Cloud IdM
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Introduction to SAML 2.0

  • 1. Introduction to SAML 2.0 Mika Koivisto Senior Software Engineer
  • 2. Agenda Introduction SAML Concepts Liferay and SAML 2.0 Demo
  • 3. What is SAML? Security Assertion Markup Language XML based protocol OASIS approved standard SAML 1.0 November 2002 SAML 1.1 September 2003 SAML 2.0 March 2005 Flexible and extensible protocol designed to be used by other standards
  • 4. SAML Roles Identity Provider (IdP) / Asserting party Service Provider (SP) / Relying party User
  • 5. Advantages of SAML Platform neutral Loose coupling of directories Improved online experience for end users Supported by many SaaS applications Increased security Strong commercial and open source support
  • 6. Use cases Web Single Sign-On Attribute based authorization Identity Federation WS-Security
  • 8. Protocols Authentication Request Protocol Assertion Query and Request Protocol Artifact Resolution Protocol Name Identifier Management Protocol Name Identifier Mapping Protocol Single Logout Protocol
  • 9. Bindings HTTP Redirect Binding HTTP Post Binding HTTP Artifact Binding SAML SOAP Binding Reverse SOAP (PAOS) Binding SAML URI Binding
  • 10. Profiles Web Browser SSO Profile Enhanced Client and Proxy (ECP) Profile Identity Provider Discovery Profile Single Logout Profile Assertion Query/Request Profile Artifact Resolution Profile Name Identifier Management Profile Name Identifier Mapping Profile
  • 11. Liferay and SAML 2.0 Available as a EE plugin Supports two operation modes Identity Provider Service Provider Built on top of OpenSAML Uses Java keystore for credentials Configured using SAML metadata and portal(- ext).properties
  • 12. Features IdP initiated Web SSO SP initiated Web SSO SP initiated Single Logout IdP initiated Single Logout Consumes and Produces SAML Metadata Attribute statement generation (IdP) JIT provisioning using attribute statements (SP)
  • 13. IdP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (AuthnRequest and Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 14. SP Supported Bindings Web Single Sign-On Profile HTTP Redirect Binding (AuthnRequest) HTTP Post Binding (Response) Single Logout Profile HTTP Redirect Binding (SP initiated only) SAML SOAP Binding (IdP to SP only)
  • 19. Configuration - IdP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlidpdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=idp saml.entity.id=liferaysamlidpdemo saml.metadata.paths= ${liferay.home}/saml/salesforce.xml, http://beta.test.com:9080/c/portal/saml/metadata saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlidpdemo]=liferay
  • 20. Configuration - SP Create keystore with signing key keytool -genkey -keyalg RSA -alias liferaysamlspdemo -keystore keystore.jks -storepass liferay -keysize 2048 Create portal-ext.properties saml.enabled=true saml.role=sp saml.entity.id=liferaysamlspdemo saml.metadata.paths=http://localhost:8080/c/portal/saml/metadata saml.sp.default.idp.entity.id=liferaysamlidpdemo saml.keystore.type=jks saml.keystore.path=${liferay.home}/data/keystore.jks saml.keystore.password=liferay saml.keystore.credential.password[liferaysamlspdemo]=liferay
  • 21. Extension points com.liferay.saml.resolver.AttributeResolver com.liferay.saml.resolver.NameIdResolver saml-spring.xml com.liferay.saml.profile.SingleLogoutProfile com.liferay.saml.profile.WebSsoProfile
  • 22. Demo SalesForce.com Google Apps Liferay Service Provider
  • 23. Resources http://saml.xml.org/saml-specifications Liferay SAML plugin config reference http://bit.ly/lrsamlplugin Difficulties of Single Logout https://wiki.shibboleth.net/confluence/display/SHIB2/ SLOIssues Seamless Single Sign-On with SAML (salesforce) http://www.youtube.com/watch?v=Gztz6h0LgA8