Upload File

saml 2.0 - earnest, mark

14
SAML 2.0 Security Assertion Markup Language Mark Allen Earnest Lead Systems Programmer Emerging Technologies The Pennsylvania State University

Upload: others

Post on 04-Feb-2022

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: SAML 2.0 - Earnest, Mark

SAML 2.0Security Assertion Markup Language

Mark Allen EarnestLead Systems ProgrammerEmerging TechnologiesThe Pennsylvania State University

Page 2: SAML 2.0 - Earnest, Mark

What is SAML?

A method of representing authentication and authorization data in XML

Developed by OASIS, Version 2.0 was released March 2005

Used by Shibboleth, Liberty Alliance, and Lionshare

Page 3: SAML 2.0 - Earnest, Mark

How is SAML Used?

WebSSO

Attribute-Based Authorization

Securing Web Services

Page 4: SAML 2.0 - Earnest, Mark

SAML Components I

Assertions

Authentication

Attribute

Authorization Decision

Page 5: SAML 2.0 - Earnest, Mark

SAML Components IIProtocols

Request assertions from SAML Authority

Request an identifier be registered

Request an identifier be terminated

Request a simulations logout of all sessions

Page 6: SAML 2.0 - Earnest, Mark

SAML Components III

Bindings

SOAP

HTTP

Profiles

Page 7: SAML 2.0 - Earnest, Mark
Page 8: SAML 2.0 - Earnest, Mark

Sample SAML Assertion<Assertion AssertionID=”fcd0b7ff-8296-4e5b-91e5-5bc042100323” IssueInstant=”2003-01-16T17:05:58Z” Issuer=”psu.edu” MajorVersion=”1” MinorVersion=”0”> <Conditions NotBefore=”2003-01-16T17:05:58Z” NotOnOrAfter=”2003-01-16T17:05:58Z”> <AudienceRestrictionCondition> <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/2002/05/</Audience> </AudienceRestrictionCondition> </Conditions> <AttributeStatement> <Subject> <NameIdentifier NameQualifier=”psu.edu”>b8d3d86c-03e3-4582-b6c8-8340cc9fd0f1</NameIdentifier> <SubjectConfirmation> <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer </ConfirmationMethod> </SubjectConfirmation> </Subject> <Attribute AttributeName=”urn:mace:eduPerson:1.0:eduPersonPrincipalName” AttributeNamespace=”urn:mace:shibboleth:1.0:attributeNamespace:uri”> <AttributeValue xsi:type=”typens:eduPersonPrincipalNameType”>mxe20</AttributeValue> </Attribute> </AttributeStatement></Assertion>

Page 9: SAML 2.0 - Earnest, Mark

New in SAML 2.0Pseudo-anonymous Handle

IdP Discovery

Encryption for individual attributes, name identifiers, and entire assertions

Attribute Profiles

Session Management

Privacy Mechanisms

Page 10: SAML 2.0 - Earnest, Mark

OpenSAML

Set of Java and C++ classes to build, transport, and parse SAML Assertions

Implements HTTP-POST & SOAP SAML Profiles

Developed by Internet2

Open Source

Page 11: SAML 2.0 - Earnest, Mark

Vendor Support

IBM WebSphere announced support for SAML in November 2003

Oracle, Computer Associates, and RSA’s identity management software already supports SAML 2.0

More software integration planned

Page 12: SAML 2.0 - Earnest, Mark

WS-Fed

Introduced by Microsoft & IBM as an alternative to SAML

Both previously were involved in SAML working group

Interop being worked on, nobody knows for sure at this point how much interop.

Page 13: SAML 2.0 - Earnest, Mark

SAML @ PSU

Shibboleth

Webassign

Napster

Lionshare

Page 14: SAML 2.0 - Earnest, Mark

Questions?

Thank you

[email protected]


Sstc Saml Tech Overview 2.0 CD 02

Tuomas Aura CSE-C3400 Information security · SAML 2.0 architecture Security assertion markup language (SAML 2.0) –OASIS standard (combines ideas from SAML 1.1, Liberty Alliance

SAML Version 2.0 Errata 05docs.oasis-open.org/security/saml/v2.0/sstc-saml...SAML Version 2.0 Errata 05 ... 2 6

1 SAML 2.0: Federation Models, Use-Cases and Standards Roadmap Prateek Mishra Principal identity Co-Chair, OASIS SSTC (SAML Committee)

the user request to IDaaS using SAML 2.0 integration ... · the user request to IDaaS using SAML 2.0 integration. The EAA Edge will leverage mutually authenticated TLS connections

Identity Federation with SAML 2 - Securitysecurity.hsr.ch/theses/DA_2008_IdentityFederation_with_SAML_20.pdfIdentity Federation with SAML 2.0 Josua Tr osch Diploma thesis, April 25,

Saml Core 2.0 Os

Oracle WebLogic Server · Securing WebLogic Server vi Configuring a SAML 2.0 Identity Assertion Provider for SAML 2.0 . . . . . . . . . . . 5-31 Identity Provider Partners

SAML 2.0 Interop Test Plan - Liberty · PDF fileLiberty Alliance Project Version 3.2.2 SAML 2.0 Test Steps Introduction Overview of Test Plan This document is the Liberty SAML 2.0

SAML 2.0 Errata Document - OASIS · This document lists the proposed errata against the OASIS SAML 2.0 Committee Specifications and details about their disposition. It is a working

SAML and XACML Overview - ITU · SAML 2.0 Specification Suite • Conformance Requirements • Required “Operational Modes” for SAML implementations • Assertions and Protocols

FROM A PROPOSAL TO HAPPY MARRIAGE...OpenID Connect 2005 SAML 2.0 SAML 1.1 Liberty Alliance ID-FF 2003 2015 Mobile Connect 2012 OAuth 2.0 2007 OAuth 1.0 OpenID 2.0 2008 OpenID 1.0 1999

SAML profile for Federation in Danish Public Sector V2.0b.prodstoragehoeringspo.blob.core.windows.net... · Danish public sector V2.0 or in short DK-SAML 2.0 The DK-SAML 2.0 profile

SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity

Saml 2.0 at Sap Gateway and Msft Adfs

Assertions and Protocols for the OASIS Security …docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf1 Introduction The Security Assertion Markup Language (SAML) defines the

SAML vs OAuth 2.0 vs OpenID Connect

saml-metadata-2.0-os.pdf - OASISdocs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf · 2 Metadata for SAML V2.0 SAML metadata is organized around an extensible collection

Security Assertion Markup Language (SAML) 2.0 Web · PDF fileSecurity Assertion Markup Language (SAML) 2.0 Profile as described in this document has been adopted by Federal Identity,

SAML 2.0 Profiles - OASISdocs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf · 1 Introduction This document specifies profiles that define the use of SAML assertions

ID-WSF 2.0 SecMech SAML Profile - Liberty Alliance

SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping

Implementing Single Sign-On Using SAML 2.0 on Juniper Networks

SAML 2.0 SSO Implementation for Oracle Financial … · 2017-10-05 · SAML 2.0 SSO Implementation for Oracle Financial Services Lending and Leasing Using Active Directory and Active

SAML 2.0 SSO Deployment with Okta - Application … · The A10 Networks SAML 2.0 SSO Deployment with Okta Solution ... using the same Identity ... configuration and the application

SAML 2.0 profile of XACML - OASISdocs.oasis-open.org/xacml/access_control-xacml-2.0-saml... · 2004. 12. 10. · This profile defines how to use SAML 2.0 to protect, transport, and

06C SAML 2.0 Profile... · TDIF: 06C - SAML 2.0 Profile 1 . OFFICIAL OFFICIAL . 1 Introduction. This document sets out the Security Assertion Markup Language (SAML) 2.0 Profiles for

SAML 2.0 and Related Work in XACML and WS-Security

SAML 2.0 Software comparison Andreas Åkre Solberg · SAML 2.0 Software comparison Andreas Åkre Solberg andreas.solberg@uninett ... Ping Federate RSA FIM Shibboleth ... Also allows

Metadata for SAML 2.0 Web Browser SSO Profiles

SAML 2 - Mark Earnest

06C SAML 2.0 Profile

Saml Profiles 2.0 Os

SAML 2.0 Profile of XACML 2.0 v2 - OASISdocs.oasis-open.org/xacml/3.0/xacml-profile-saml2.0-v2-spec-cs-01-en.pdfthis profile: 1) use of SAML 2.0 Attribute Assertions with XACML, including

Bindings for SAML 2.0 - OASISdocs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf · 1 Introduction This document specifies SAML protocol bindings for the use of SAML assertions