.Net Fedlet (Prototype)


As I was revving up the SecureAttrs C# API, I stumbled upon .NET APIs to perform XML signing and verification, and that led to a usable Fedlet prototype for .NET environments.

To test drive it:
  • Download saml2.dll and sample fedlet.aspx.
  • Deploy them to your IIS server. (I copied SAML2.dll to BIN and fedlet.aspx to c:\Inetpub\wwwroot)
  • Execute the "Create Fedlet" task on the OpenSSO instance serving as IDP and point it to the IIS server that will execute the Fedlet, e.g. http://www.spp.com/fedlet.aspx. While you are on the console you may set up an attribute mapping to pass some user profile attributes such as cn, mail, employeeNumber etc. from the IDP to the Fedlet as part of SSO.
  • Export the IDP public key and copy it to C:\fedlet\idp.cer
    cd <opensso_configdir>/<opensso_deploy_uri>
    keytool -export -keystore keystore.jks -alias test -file idp.cer
  • Test: In a browser, invoke the Fedlet: http://www.spp.com/fedlet.aspx. It will prompt you for the IDP (OpenSSO) URL. A URL representing IDP-initiated SAML2 SSO is generated and shown as a link. Click on the link to initiate SSO. When prompted for authentication on the IDP end, try the demo user (password: changeit)

Processing rules implemented:
  • IDP initiated SAML2 POST profile (Unsolicited AuthN Response)
  • verification of XML signature
  • verification of IDP entity id.
  • NotOnOrAfter rule
  • Single-use-assertion
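
The processing rules listed above, sketched as an added C# example; it is not the Fedlet's code or the saml2.dll API. The class and method names are hypothetical, the certificate is the idp.cer exported earlier, NotOnOrAfter is assumed to be the one on Conditions, and the sketch goes slightly beyond the list by also checking that the signature covers the element the assertion is read from.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;   // .NET Framework: reference System.Security.dll
using System.Xml;
public static class UnsolicitedResponseChecks   // hypothetical name, added example
{
    // In-memory replay cache (assumption); a server farm needs a shared store.
    static readonly HashSet<string> seenIds = new HashSet<string>();
    // samlResponse: the base64 SAMLResponse form field posted by the IDP.
    public static XmlElement Validate(string samlResponse, string idpEntityId, string idpCertPath)
    {
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(samlResponse)));
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        // 1. XML signature, checked against idp.cer, not a certificate from the message.
        var sig = (XmlElement)doc.SelectSingleNode("//ds:Signature", ns);
        var signedElem = sig == null ? null : sig.ParentNode as XmlElement;
        if (signedElem == null) throw new SecurityException("response is not signed");
        var signedXml = new SignedXml(signedElem);
        signedXml.LoadXml(sig);
        if (!signedXml.CheckSignature(new X509Certificate2(idpCertPath), true))
            throw new SecurityException("signature verification failed");
        // The single reference must cover the element that holds the signature.
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || !signedElem.HasAttribute("ID") ||
            ((Reference)refs[0]).Uri != "#" + signedElem.GetAttribute("ID"))
            throw new SecurityException("signature does not cover its parent");
        // Read data only from inside the signed element.
        var assertion = signedElem.LocalName == "Assertion" ? signedElem
            : (XmlElement)signedElem.SelectSingleNode("saml:Assertion", ns);
        if (assertion == null) throw new SecurityException("no signed assertion");
        // 2. Issuer must be the expected IDP entity id.
        var issuer = assertion.SelectSingleNode("saml:Issuer", ns);
        if (issuer == null || issuer.InnerText.Trim() != idpEntityId)
            throw new SecurityException("unexpected issuer");
        // 3. NotOnOrAfter on Conditions (assumed location), compared in UTC.
        var cond = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", ns);
        if (cond == null || DateTime.UtcNow >= XmlConvert.ToDateTime(cond.Value, XmlDateTimeSerializationMode.Utc))
            throw new SecurityException("assertion expired or has no NotOnOrAfter");
        // 4. Single use: an assertion ID is accepted only once.
        lock (seenIds)
            if (!seenIds.Add(assertion.GetAttribute("ID")))
                throw new SecurityException("assertion replayed");
        return assertion;
    }
}
```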

Work to be done:
  • Audience restriction and other SAML Conditions processing rules
  • Option to verify signature via IDP public key stored locally
  • AuthNRequest for SP initiated SSO
  • Single Logout.
  • Support for multiple IDPs

Code will be checked into the OpenSSO source repository shortly after it is reviewed, etc.
fedlet.aspx demonstrates a simple C# SAML2 API, modelled after the Java Fedlet API. Feedback most welcome.

Comments:

    Very cool - nice prototype and great blog entry. Spinning up my Windows VM right now to try this out...

    Posted by Pat Patterson on December 12, 2008 at 01:02 AM PST #

    Rajeev,
    Extending the Fedlet technology to .NET platforms will be well received by our Cdn. financial industry customers. They have asked us in the past for an easy to use .NET SAMLv2 integration technique. They need to be in a position to easily extend their CoT to include small Service Providers based on the Windows platform. The .NET Fedlet should prove to be a popular piece of software.

    I'll let my customers know about it and encourage them to try it.
    Thank you,
    brad

    Posted by brad butler on December 12, 2008 at 02:43 AM PST #

    [Trackback] It's been a while since the last tab sweep - lots of news since then, such as the OpenSSO Enterprise 8.0 release, that's kept me busy both here on the blog and 'in real life' (if there is such a thing any more!). Anyway, here are some of the titbit...

    Posted by Superpatterns on December 12, 2008 at 11:32 AM PST #

    awesome !!!

    Posted by Rohan Pinto on December 17, 2008 at 12:50 AM PST #

    hi Rajeev,

    Great work.
    I used this to perform a proof of concept for our organization.
    Question:
    You mentioned that the code is under review and will be checked in to the OpenSSO repository.
    Has it been reviewed?
    Is it in the repository?
    If so, please point in the right direction.

    Thanks
    Walter.

    Posted by Walter on January 26, 2009 at 11:21 PM PST #

    Yes - the code is undergoing a few changes and feedback. It will also include a HttpFilter/ISAPI based plugin.
    Most of it will be in the OpenSSO repository before mid february.

    Posted by Rajeev Angal on January 27, 2009 at 07:56 AM PST #

    Can you make an example which works with artifact binding from IdP to SP?
    Thanks,
    Djordje

    Posted by Djordje on February 15, 2009 at 11:07 PM PST #

    [Trackback] Okay, okay. I know the title and tag line sounds like the opening of a bad joke. But someday I'll blog about it. Let's just say it has to do with the fact that I'm playing with multiple technologies. But I digress, the real meat...

    Posted by The Whalphin Chronicles on March 04, 2009 at 08:56 AM PST #

    Can we integrate a .NET application with Java using the Open SSO technique, and how?
    Please give me your valuable suggestion.

    Posted by SAwan on August 09, 2009 at 09:57 PM PDT #

    About

    rajeev
