Hi, I had a link on my JSP to another partner website. When the link is clicked, control comes to a servlet, and the servlet has the user credentials and our application's dig signature (which is some plain text for now). I downloaded OpenSAML and placed the jars in my classpath. What is the next step? Do I need to send my app's digital signature to the partner web service? Is there any sample code, or how do I do this?
posted 7 years ago
SAML is the specification which defines the protocol to represent the security assertions. However, it doesn't define the transport mechanism, so you can use anything which works for you.
OpenSAML is the library used to create/validate such SAML Assertions (aka Tokens).
So in your scenario, the flow would be like this.
1. User clicks on a link in your web page, which comes to a Servlet.
2. Servlet takes the user id, creates a SAML Token and signs the token using the private key.
3. You reply back to the user with SAMLResponse (possibly with a form-submit page), which the user can use to connect to the target server.
If you are looking for a working SAML example, let me know at brsanthu at yahoo dot com. I would be happy to send you one.
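
The three steps above, as an added example that is not the poster's code and not part of the original thread. It uses the JDK's built-in XML signature API rather than OpenSAML, and the class name, issuer, partner URL, IDs and user id are constructed placeholders.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.*;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class SamlPostSketch {
    // Constructed minimal response; real code uses fresh random IDs, current times and Conditions.
    static final String TEMPLATE = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
        + " ID=\"_r1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\"><samlp:Status>"
        + "<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>"
        + "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\" Version=\"2.0\""
        + " IssueInstant=\"2024-01-01T00:00:00Z\"><saml:Issuer>https://app.example.test</saml:Issuer>"
        + "<saml:Subject><saml:NameID/></saml:Subject></saml:Assertion></samlp:Response>";

    static String signedResponseB64(String userId, PrivateKey key) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(TEMPLATE.getBytes(UTF_8)));
        Element assertion = (Element) doc.getDocumentElement().getLastChild();
        assertion.setIdAttribute("ID", true);            // lets the "#_a1" reference resolve
        Element subject = (Element) assertion.getLastChild();
        subject.getFirstChild().setTextContent(userId);  // set via DOM so the value is escaped
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        List<Transform> tf = List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference ref = f.newReference("#_a1", f.newDigestMethod(DigestMethod.SHA256, null), tf, null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(ref));
        // The SAML schema puts ds:Signature directly after Issuer, i.e. before Subject.
        f.newXMLSignature(si, null).sign(new DOMSignContext(key, assertion, subject));
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return Base64.getEncoder().encodeToString(out.toString().getBytes(UTF_8));
    }
    public static void main(String[] args) throws Exception {
        PrivateKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate(); // throwaway key
        // Page returned to the browser, which posts it to the (hypothetical) partner endpoint.
        System.out.println("<form method=\"post\" action=\"https://partner.example.test/acs\">"
            + "<input type=\"hidden\" name=\"SAMLResponse\" value=\"" + signedResponseB64("alice", key)
            + "\"/></form><script>document.forms[0].submit()</script>");
    }
}
```

In a servlet the private key would be loaded from a keystore, and the partner verifies the signature with the matching public certificate exchanged out of band.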