SAML

Liferay and Single Sign On (SSO) – Whats here and whats coming

By Mark Polly on October 8th, 2012.

Liferay SAML Single Sign-On Integration — AssureBridge, Inc.

The AssureBridge SAMLConnect™ service provides a powerful solution that will allow you to quickly, easily, and reliably enable single sign-on (SSO) to or from a Liferay portal.

We support both CE and EE of the Liferay product. The AssureBridge Liferay SSO adapter is pre-integrated into the Liferay portal and offers the following features:

- Enables Liferay for inbound or outbound SSO connections using standard protocols such as SAML 1.1, SAML 2.0, OpenID or WS-Federation
- SP-initiated Login
- IDP-initiated Login
- SP-initiated Logout
- IDP-initiated Logout
- Allows user profile information (e.g. email, nickname, job title) to be passed securely into the Liferay database as part of the single sign-on experience
- Allows Liferay user information to be synchronized with external systems
- Supports a number of hooks to customize login and logout behavior
- Custom IDP partner name provider for SP to map incoming requests to partner IDP

Learn more about:

» Why you should not use CAS 3.5.1 as SAML 2.0 Identity Provider Technical Notes

Last week I spent some time investigating SAML 2.0 support of Central Authentication Service 3.5.1 (latest version of CAS at the moment of writing).

The results were disappointing. CAS was developed by Yale University in early 2000's and was donated to open source in 2004.

I Hate SAML!

Lately I’ve been working a lot with SAML, and I have to say it’s an extremely complex, and obfuscated protocol.

The best analogy I can come up with uses our infamous light bulb jokes. (“How many programmers does it take?”) SAML is like building a mini nuclear reactor to power a light bulb in your office. It’s certainly geeky, but what the fuck is the point? You’ve over engineered something that should be very simple: Single Sign-On. Besides that point, who the hell cares about SSO?

Consortium - OpenSAML-Java

OpenSAML-Java is a low-level library written in Java that provides support for producing and consuming SAML messages, creating and evaluating digitally signed and encrypted content, and working with SAML bindings.

Extensive support for consuming SAML metadata is also provided, along with an API for establishing security policies around the consumption of SAML messages. This library is intended for people needing to write SAML identity providers, service providers, and certain types of advanced clients. It is not by itself an implementation of any of those things, and developers are strongly encouraged to evaluate existing products before creating their own as doing so is a lot of work and prone to error unless you have significant expertise in SAML. The low-level nature of the library and lack of documentation makes the software a poor choice for beginners or those without extensive background in the area.

Home - OpenSAML 2.x - Confluence

Welcome to the OpenSAML website.

OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language (SAML).

saml-iis.html

By Alex Rykov, 04/04/2007

Implementing single sign on (SSO) for several sites is a problem that has a multitude of variations and quite a few solutions.

Security Assertion Markup Language (SAML) has emerged in the last five years to address this problem in a standard way, and BEA WebLogic Server 9 offers extensive support for it. Unfortunately, simple SAML configuration examples, especially for cross-platform scenarios, are hard to come by. This tutorial describes a simple SAML SSO scenario between Microsoft Internet Information Services Server (IIS) and BEA WebLogic Server 9. The article assumes some knowledge of SAML and is accompanied by a fully functional example that includes ASP.NET code as well as a script to fully configure WebLogic Server.

Introduction

Recently, I did some work for a customer who decided to add WebLogic Portal 9 into a predominantly ASP.NET Web infrastructure. In the past, that would have meant a lot of work—probably writing another clunky security provider.

Top 20 NuGet packages for SAML - NuGet Must Haves

An Open Source ASP.NET SAML2 Service Provider

I’m happy to announce an open source ASP.NET SAML2 Service Provider.

SAML2 is a common standard for single sign on in enterprise environments. A Service Provider in SAML2 is a web site that allows log on through SAML2 Identity Provider (IdP). Implementing a Service Provider requires issuing authentication requests (AuthnRequest) and handling the returned response. At Kentor we have seen an increase in the demand for using SAML2 authentication from our customers. When doing a recent project we didn’t find any suitable component, so we had to roll our own. The library is hosted at github and is released under an LGPL license. The core part of the library is the Saml2AuthenticationModule IIS module that handles the authentication. The library is available on NuGet and can be installed with the following command.

    PM> Install-Package Kentor.AuthServices

I’m of course happy if anyone would like to contribute to make the library more complete.

Saml 2.0 - SSO using SAML2.0 in asp.net

Configure SSO in Liferay with OKTA using SAML 2.0 protocol - Blog

In this blog, I am listing the steps to configure SSO in Liferay with OKTA using SAML 2.0 protocol.

OKTA is an enterprise grade identity management service, built from the ground up in the cloud. Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow and built in reporting. If you are not familiar with SAML, check out awesome blog by Mika Koivisto.

Getting started with Liferay SAML 2.0 Identity Provider - Blog

Liferay 6.1 EE comes with SAML 2.0 Identity Provider and Service Provider support via SAML plugin.

If you are not familiar with SAML check out my Introduction to SAML presentation slides. In this post we will configure Liferay to be SAML Identity Provider and configure Salesforce to be a Service Provider. After we are done we have a user that can move from Liferay to Salesforce without requiring to authenticate on Salesforce. You’ll need following things to complete this by yourself:

Introduction to SAML 2.0