Gil

Reputation: 123

Providing proper security for SAML service provider

I'm adding an SSO feature to my service to allow customers to log in with their AD accounts. To provide this I use the SAML component from componentpro.com. What is the correct way to perform the security interaction:

  1. From the IdP side: what should the customer provide to my service besides the IdP URL? Any certificate that just contains a public key?
  2. From the SP side: what should I provide to the customer?
  3. The chosen SAML tool uses certificates to sign the SAML request to the IdP and to decrypt the assertion from the IdP. What are those certificates (from the previous questions)? Is it the same certificate for signing and decrypting?

Update: a useful link about using certificates in SAML communication.

Upvotes: 2

Views: 136

Answers (1)

Stefan Rasmusson

Reputation: 5595

  1. Normally this is set up using a SAML metadata file that contains the IDP endpoints, keys etc. Your service then sends a similar metadata file with information about your service to the IDP.

  2. If the customer is the IDP then as above you usually provide them with a metadata file.

  3. It is generally a bad idea to use the same key for signing and encryption. Read the discussions here and here.

Upvotes: 1
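To make the metadata exchange in the answer concrete, here is an added example (not code from the question, the answer, or the componentpro.com component, whose API is not shown on this page). It builds SP metadata that publishes two separate KeyDescriptors, one `use="signing"` and one `use="encryption"`, parses the IdP metadata file a customer would hand over to pull out the entity ID, SingleSignOnService endpoints and certificates, and checks that no single certificate is offered for both purposes. Everything uses only the Python standard library; the entity IDs, URLs and certificate bodies are constructed placeholders, not real values.

```python
"""Added example: SAML 2.0 metadata exchange between an SP and an IdP.

Builds SP metadata with separate signing and encryption keys, parses IdP
metadata for endpoints and certificates, and flags key reuse. Standard
library only; all identifiers and certificate bodies are constructed.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed placeholders; real metadata carries the base64 DER of an X.509 cert.
SP_SIGNING_CERT = "MIIC...SP-SIGNING-CERT-PLACEHOLDER..."
SP_ENCRYPTION_CERT = "MIIC...SP-ENCRYPTION-CERT-PLACEHOLDER..."

# Constructed IdP metadata as a customer might export it. An IdP normally only
# publishes a signing key: encryption keys are what the SP publishes so the IdP
# can encrypt assertions to it.
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...IDP-SIGNING-CERT-PLACEHOLDER...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def build_sp_metadata(entity_id, acs_url, signing_cert, encryption_cert):
    """Return SP metadata XML with one KeyDescriptor per key use."""
    md, ds = "{%s}" % NS["md"], "{%s}" % NS["ds"]
    root = ET.Element(md + "EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(
        root, md + "SPSSODescriptor",
        AuthnRequestsSigned="true",          # we sign AuthnRequests with the signing key
        WantAssertionsSigned="true",         # we expect the IdP to sign assertions
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol",
    )
    for use, cert in (("signing", signing_cert), ("encryption", encryption_cert)):
        kd = ET.SubElement(sp, md + "KeyDescriptor", use=use)
        x509 = ET.SubElement(ET.SubElement(kd, ds + "KeyInfo"), ds + "X509Data")
        ET.SubElement(x509, ds + "X509Certificate").text = cert
    ET.SubElement(
        sp, md + "AssertionConsumerService",
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        Location=acs_url, index="0", isDefault="true",
    )
    return ET.tostring(root, encoding="unicode")


def parse_metadata(xml_text):
    """Extract entity ID, endpoints and certificates (grouped by 'use') from
    either IdP or SP metadata."""
    root = ET.fromstring(xml_text)
    role = root.find("md:IDPSSODescriptor", NS)
    endpoint_tag = "md:SingleSignOnService"
    if role is None:
        role = root.find("md:SPSSODescriptor", NS)
        endpoint_tag = "md:AssertionConsumerService"
    if role is None:
        raise ValueError("metadata has neither IDPSSODescriptor nor SPSSODescriptor")
    certs = {}
    for kd in role.findall("md:KeyDescriptor", NS):
        # Per the metadata schema, a KeyDescriptor without 'use' serves both purposes.
        use = kd.get("use", "signing+encryption")
        for cert in kd.findall(".//ds:X509Certificate", NS):
            certs.setdefault(use, []).append("".join(cert.text.split()))
    endpoints = {e.get("Binding"): e.get("Location") for e in role.findall(endpoint_tag, NS)}
    return {"entity_id": root.get("entityID"), "endpoints": endpoints, "certs": certs}


def uses_separate_keys(certs):
    """True when no certificate is offered for both signing and encryption."""
    if "signing+encryption" in certs:
        return False
    return not (set(certs.get("signing", [])) & set(certs.get("encryption", [])))


if __name__ == "__main__":
    sp_xml = build_sp_metadata("https://sp.example.test/saml/metadata",
                               "https://sp.example.test/saml/acs",
                               SP_SIGNING_CERT, SP_ENCRYPTION_CERT)
    print(sp_xml)
    idp = parse_metadata(IDP_METADATA)
    print(idp["entity_id"], idp["endpoints"])
    print("IdP keys kept separate:", uses_separate_keys(idp["certs"]))
```

The SP hands the output of `build_sp_metadata` to the customer; the customer's IdP export goes through `parse_metadata`, which yields the SSO endpoint to send AuthnRequests to and the certificate(s) whose public keys verify the IdP's signatures. `uses_separate_keys` is the check for the answer's third point: it reports key reuse both when the same certificate appears under both uses and when a KeyDescriptor omits `use` altogether.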
