Sunday Dec 07, 2008

.Net Fedlet (Prototype)


As I was revving up the SecureAttrs C# API, I stumbled upon .NET APIs to perform XML signing and verification, and that led to a usable Fedlet prototype for .NET environments.

To test drive it:
  • Download saml2.dll and the sample fedlet.aspx.
  • Deploy them to your IIS server. (I copied SAML2.dll to BIN and fedlet.aspx to c:\Inetpub\wwwroot)
  • Execute the "Create Fedlet" task on the OpenSSO instance serving as IDP, and point it to the IIS server that will execute the Fedlet, e.g. http://www.spp.com/fedlet.aspx. While you are on the console you may set up an attribute mapping to pass some user profile attributes such as cn, mail, employeeNumber etc. from the IDP to the Fedlet as part of SSO.
  • Export the IDP public key and copy it to C:\fedlet\idp.cer
    cd <opensso_configdir>/<opensso_deploy_uri>
    keytool -export -keystore keystore.jks -alias test -file idp.cer
  • Test: In a browser, invoke the Fedlet: http://www.spp.com/fedlet.aspx. It will prompt you for the IDP (OpenSSO) URL. A URL representing IDP initiated SAML2 SSO is generated and shown as a link. Click on the link to initiate SSO. When prompted for authentication on the IDP end, try the demo user (password: changeit)

Processing rules implemented:
  • IDP initiated SAML2 POST profile (Unsolicited AuthN Response)
  • verification of XML signature
  • verification of IDP entity id.
  • NotOnOrAfter rule
  • Single-use-assertion

Work to be done:
  • Audience restriction and other SAML Conditions processing rules
  • Option to verify signature via IDP public key stored locally
  • AuthNRequest for SP initiated SSO
  • Single Logout.
  • Support for multiple IDPs

Code will be checked into the OpenSSO source repository shortly after it is reviewed, etc.
fedlet.aspx demonstrates a simple C# SAML2 API, modelled after the Java Fedlet API. Feedback most welcome.
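
An added sketch, not the Fedlet's or saml2.dll's own code, of the implemented rules listed above (XML signature, IDP entity id, NotOnOrAfter, single use) using the .NET `SignedXml` API. The class and method names, the entity id, the throwaway RSA key standing in for the IDP key, an assertion-level signature and reading NotOnOrAfter from `Conditions` are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
static class FedletChecks  // hypothetical helper, not the saml2.dll API
{
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    static readonly HashSet<string> seenIds = new HashSet<string>();  // in-memory, never pruned
    // Returns null when every rule passes, otherwise the name of the failed rule.
    public static string Check(XmlDocument doc, AsymmetricAlgorithm idpKey, string idpEntityId, DateTime nowUtc)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("s", Saml);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        var a = doc.SelectSingleNode("//s:Assertion", ns) as XmlElement;
        var sig = a?.SelectSingleNode("ds:Signature", ns) as XmlElement;
        if (sig == null) return "unsigned";
        var sx = new SignedXml(a);
        sx.LoadXml(sig);
        // Verify with the locally held IdP key, not a key carried inside ds:KeyInfo.
        if (!sx.CheckSignature(idpKey)) return "signature";
        // The single signed reference must be the assertion whose fields are read below.
        var refs = sx.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#" + a.GetAttribute("ID")) return "reference";
        if (a.SelectSingleNode("s:Issuer", ns)?.InnerText.Trim() != idpEntityId) return "issuer";
        var end = (a.SelectSingleNode("s:Conditions", ns) as XmlElement)?.GetAttribute("NotOnOrAfter");
        if (string.IsNullOrEmpty(end)) return "conditions";
        if (nowUtc >= XmlConvert.ToDateTime(end, XmlDateTimeSerializationMode.Utc)) return "expired";
        lock (seenIds) { if (!seenIds.Add(a.GetAttribute("ID"))) return "replayed"; }
        return null;
    }

    static void Main()
    {
        // Constructed sample: an assertion signed with a throwaway key standing in for the IdP's.
        const string idp = "https://idp.example.com/opensso";
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Assertion xmlns='" + Saml + "' ID='_a1'><Issuer>" + idp + "</Issuer><Conditions NotOnOrAfter='2099-01-01T00:00:00Z'/></Assertion>");
        using var rsa = RSA.Create();
        var signer = new SignedXml(doc) { SigningKey = rsa };
        var r = new Reference("#_a1");
        r.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signer.AddReference(r);
        signer.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signer.GetXml(), true));
        Console.WriteLine(Check(doc, rsa, idp, DateTime.UtcNow) ?? "accepted");  // first delivery
        Console.WriteLine(Check(doc, rsa, idp, DateTime.UtcNow) ?? "accepted");  // same assertion again
    }
}
```

With the exported certificate, `new X509Certificate2(@"C:\fedlet\idp.cer")` can be passed to `SignedXml.CheckSignature(cert, true)` in place of the raw key.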
  • About

    rajeev