Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
  • Al Hobbs
  • salvin francis

Open SAML -newie question

Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I had a link on my JSP to another partner website. When click on the link control comes to a servlet and the servlet has user credentials and our application dig signature(which is some plain text for now). I downloaded the openSAMl and placed the jars in my class path. what is the next step. do i need to send my app digital signature to the partner webservice. any sample code or how to do this.
Ranch Hand
Posts: 242
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
SAML is the specification which defines the protocol to represent the security assertions. However it doesn't define the transport mechanism so you can use anything which works for you.

OpenSAML is the library used to create/validate such SAML Assertions (aka Tokens).

So in your scenario, the flow would be like this.

1. User clicks on a link in your web page, which comes to a Servlet.

2. Servlet takes the user id, creates a SAML Token and signs the token using private key.

3. You reply back to the user with SAMLResponse (possible with form submit page), which user can use to connect to the target server.

If you looking for an working SAML Example, let me know at brsanthu at yahoo dot com. I would be happy to send you one.
    Bookmark Topic Watch Topic
  • New Topic