SP Initiated SSO

Hi,

We are looking for the below solution using SAML 2.0
1) The user browses to the SP site and attempts to access a protected page that requires the user to be authenticated.
2) The user keys in the user id and password on the SP site (the login page is on the SP website). How can we send the user details to the IdP's SSO service to validate the user details and send the response to the SP? How do we capture the information?

For eg: SP site is: www.spsite.com
IdP site is: www.idpsite.com
The user browses to the www.spsite.com website and keys in the user id and password; internally, how can we send the user details to the IdP's SSO service to validate the user details in the IdP?

The SAML specification doesn’t support entering the user credentials at the SP and sending them to the IdP for validation.
In many instances, a user would be reluctant to enter their credentials for one site into a completely different site.
If you must support this then you would need to use a proprietary mechanism (e.g. a REST API).
However, I recommend reconsidering the approach and following the SAML specification.

[quote]
ComponentSpace - Wednesday, June 29, 2016
The SAML specification doesn't support entering the user credentials at the SP and sending them to the IdP for validation.
In many instances, a user would be reluctant to enter their credentials for one site into a completely different site.
If you must support this then you would need to use a proprietary mechanism (e.g. a REST API).
However, I recommend reconsidering the approach and following the SAML specification.
[/quote]

Hi,

Noted, and thanks for the information.
I have one more clarification. Currently we have 15 websites and all websites need to implement SAML SSO as SP-initiated. We are planning to create one authentication website that will call the IdP website to validate the user. Once the user is validated, the target URL is the authentication website. How can we configure this process?
For eg: www.website1.com, www.website2.com, www.website3.com....
Authentication/SSO website: www.authenticationwebsite.com
1) www.website1.com --> click on the login and redirect to www.authenticationwebsite.com, and here the SP-initiated SAML flow starts
2) The request is sent to the IdP and the response comes back to "www.authenticationwebsite.com"; from here how can we go back to www.website1.com?

You need a mechanism to share the authentication information between all your web sites. There are many different approaches. For example:
1. Each of your sites could share the same authentication cookie.
2. The authentication web site encrypts and/or signs authentication information and passes this on to the target site, which decrypts and verifies the information.
3. You use SAML SSO internally so the authentication web site acts as an SP to external IdPs but acts as an IdP to your internal sites, which act as SPs.
A number of our customers have used the third approach.
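As an added illustration of the second approach above (this is example code, not ComponentSpace's or the poster's): after the authentication website has validated the SAML response, it mints a short-lived signed token bound to one target site, and the target site verifies the signature, audience and expiry before starting its own session. The `KEYS` table, `mint_handoff` and `verify_handoff` are hypothetical names; the per-site HMAC keys are constructed here and would in practice be shared out of band.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed for this example: one secret per target site, known only to the
# authentication website and that site. A token signed for website1 cannot be
# verified by website2 because the keys differ.
KEYS = {"www.website1.com": secrets.token_bytes(32),
        "www.website2.com": secrets.token_bytes(32)}
TTL_SECONDS = 60  # handoff tokens are single-hop, so keep the lifetime short

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_handoff(name_id: str, target_site: str, now=None) -> str:
    """Authentication website: sign {subject, audience, issued-at, expiry, id}
    with the key of the site the user came from."""
    now = int(time.time()) if now is None else now
    payload = {"sub": name_id, "aud": target_site, "iat": now,
               "exp": now + TTL_SECONDS, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(KEYS[target_site], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def verify_handoff(token: str, my_site: str, now=None):
    """Target website: check the signature with its own key first, then the
    audience and validity window. Returns the subject, or None on any failure."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(KEYS[my_site], body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # forged, tampered, or signed for a different site
        payload = json.loads(_unb64(body))
        if payload["aud"] != my_site or not (payload["iat"] <= now < payload["exp"]):
            return None  # wrong audience, not yet valid, or expired
        return payload["sub"]
    except (ValueError, KeyError):
        return None  # malformed token or missing field
```

The target site should also record the `jti` for the token's lifetime so a captured handoff cannot be presented twice.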