File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Open SAML -newie question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Open SAML -newie question" Watch "Open SAML -newie question" New topic

Open SAML -newie question

vijaya bacina
Ranch Hand

Joined: Aug 23, 2005
Posts: 155
I had a link on my JSP to another partner website. When click on the link control comes to a servlet and the servlet has user credentials and our application dig signature(which is some plain text for now). I downloaded the openSAMl and placed the jars in my class path. what is the next step. do i need to send my app digital signature to the partner webservice. any sample code or how to do this.
Santhosh Kumar
Ranch Hand

Joined: Nov 07, 2000
Posts: 242
SAML is the specification which defines the protocol to represent the security assertions. However it doesn't define the transport mechanism so you can use anything which works for you.

OpenSAML is the library used to create/validate such SAML Assertions (aka Tokens).

So in your scenario, the flow would be like this.

1. User clicks on a link in your web page, which comes to a Servlet.

2. Servlet takes the user id, creates a SAML Token and signs the token using private key.

3. You reply back to the user with SAMLResponse (possible with form submit page), which user can use to connect to the target server.

If you looking for an working SAML Example, let me know at brsanthu at yahoo dot com. I would be happy to send you one.
I agree. Here's the link:
subject: Open SAML -newie question
It's not a secret anymore!