14
SAML 2.0 Security Assertion Markup Language Mark Allen Earnest Lead Systems Programmer Emerging Technologies The Pennsylvania State University

SAML 2 - Mark Earnest

  • Upload
    others

  • View
    9

  • Download
    0

Embed Size (px)

Citation preview

Page 1: SAML 2 - Mark Earnest

SAML 2.0Security Assertion Markup Language

Mark Allen EarnestLead Systems ProgrammerEmerging TechnologiesThe Pennsylvania State University

Page 2: SAML 2 - Mark Earnest

What is SAML?

A method of representing authentication and authorization data in XML

Developed by OASIS, Version 2.0 was released March 2005

Used by Shibboleth, Liberty Alliance, and Lionshare

Page 3: SAML 2 - Mark Earnest

How is SAML Used?

WebSSO

Attribute-Based Authorization

Securing Web Services

Page 4: SAML 2 - Mark Earnest

SAML Components I

Assertions

Authentication

Attribute

Authorization Decision

Page 5: SAML 2 - Mark Earnest

SAML Components IIProtocols

Request assertions from SAML Authority

Request an identifier be registered

Request an identifier be terminated

Request a simulations logout of all sessions

Page 6: SAML 2 - Mark Earnest

SAML Components III

Bindings

SOAP

HTTP

Profiles

Page 7: SAML 2 - Mark Earnest
Page 8: SAML 2 - Mark Earnest

Sample SAML Assertion<Assertion AssertionID=”fcd0b7ff-8296-4e5b-91e5-5bc042100323” IssueInstant=”2003-01-16T17:05:58Z” Issuer=”psu.edu” MajorVersion=”1” MinorVersion=”0”> <Conditions NotBefore=”2003-01-16T17:05:58Z” NotOnOrAfter=”2003-01-16T17:05:58Z”> <AudienceRestrictionCondition> <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/2002/05/</Audience> </AudienceRestrictionCondition> </Conditions> <AttributeStatement> <Subject> <NameIdentifier NameQualifier=”psu.edu”>b8d3d86c-03e3-4582-b6c8-8340cc9fd0f1</NameIdentifier> <SubjectConfirmation> <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer </ConfirmationMethod> </SubjectConfirmation> </Subject> <Attribute AttributeName=”urn:mace:eduPerson:1.0:eduPersonPrincipalName” AttributeNamespace=”urn:mace:shibboleth:1.0:attributeNamespace:uri”> <AttributeValue xsi:type=”typens:eduPersonPrincipalNameType”>mxe20</AttributeValue> </Attribute> </AttributeStatement></Assertion>

Page 9: SAML 2 - Mark Earnest

New in SAML 2.0Pseudo-anonymous Handle

IdP Discovery

Encryption for individual attributes, name identifiers, and entire assertions

Attribute Profiles

Session Management

Privacy Mechanisms

Page 10: SAML 2 - Mark Earnest

OpenSAML

Set of Java and C++ classes to build, transport, and parse SAML Assertions

Implements HTTP-POST & SOAP SAML Profiles

Developed by Internet2

Open Source

Page 11: SAML 2 - Mark Earnest

Vendor Support

IBM WebSphere announced support for SAML in November 2003

Oracle, Computer Associates, and RSA’s identity management software already supports SAML 2.0

More software integration planned

Page 12: SAML 2 - Mark Earnest

WS-Fed

Introduced by Microsoft & IBM as an alternative to SAML

Both previously were involved in SAML working group

Interop being worked on, nobody knows for sure at this point how much interop.

Page 13: SAML 2 - Mark Earnest

SAML @ PSU

Shibboleth

Webassign

Napster

Lionshare

Page 14: SAML 2 - Mark Earnest

Questions?

Thank you

[email protected]


Falcon authentication saml

Falcon authentication saml

Education
SAML 2.0 Profiles - OASISdocs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf · 1 Introduction This document specifies profiles that define the use of SAML assertions

SAML 2.0 Profiles - OASISdocs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf · 1 Introduction This document specifies profiles that define the use of SAML assertions

Documents
SAML and OAUTH Technologies WebSphere Application Server€¦ · SAML and OAUTH Technologies WebSphere Application Server ... SAML Web Services Token ... 3 The signature of the SAML

SAML and OAUTH Technologies WebSphere Application Server€¦ · SAML and OAUTH Technologies WebSphere Application Server ... SAML Web Services Token ... 3 The signature of the SAML

Documents
SAML Integration Guide

SAML Integration Guide

Documents
SAML Overview

SAML Overview

Documents
SAML V2.0 Enhanced Client or Proxy Profile Version 2docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/...SAML V2.0 Enhanced Client or Proxy Profile Version 2.0 Working Draft

SAML V2.0 Enhanced Client or Proxy Profile Version 2docs.oasis-open.org/security/saml/Post2.0/saml-ecp/v2.0/...SAML V2.0 Enhanced Client or Proxy Profile Version 2.0 Working Draft

Documents
Meraki SAML Authentication - Home | MCNC · Objectives ! What is SAML? ! Benefits of SAML authentication ! Enabling SSO for WiFi logins ! Enabling SAML for Meraki Dashboard Authentication

Meraki SAML Authentication - Home | MCNC · Objectives ! What is SAML? ! Benefits of SAML authentication ! Enabling SSO for WiFi logins ! Enabling SAML for Meraki Dashboard Authentication

Documents
What | Why | How SAML 101 Assertion Markup Language (SAML) 101 CONTENTS Introduction What is SAML? The Use Cases The Advantages The Components The Security Echoworx Supports SAML

What | Why | How SAML 101 Assertion Markup Language (SAML) 101 CONTENTS Introduction What is SAML? The Use Cases The Advantages The Components The Security Echoworx Supports SAML

Documents
Mule security - saml

Mule security - saml

Technology
(SAML) V1.1

(SAML) V1.1

Documents
SAML 2.0 - Earnest, Mark

SAML 2.0 - Earnest, Mark

Documents
Privileged Identity Supported Systems and Platforms · SupportedProviders OKTASAML OneLogin(SAML) PingOne(SAML) SalesForce(OAuth) SAML(anySAMLcompliantvendor) Multi-FactorProviders

Privileged Identity Supported Systems and Platforms · SupportedProviders OKTASAML OneLogin(SAML) PingOne(SAML) SalesForce(OAuth) SAML(anySAMLcompliantvendor) Multi-FactorProviders

Documents
saml-metadata-2.0-os.pdf - OASISdocs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf · 2 Metadata for SAML V2.0 SAML metadata is organized around an extensible collection

saml-metadata-2.0-os.pdf - OASISdocs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf · 2 Metadata for SAML V2.0 SAML metadata is organized around an extensible collection

Documents
SAML, The Liberty Alliance, and Federation* · SAML, The Liberty Alliance, and Federation* Eve Maler ... • Sun's >SAML, ID-FF, ... >Though the design …

SAML, The Liberty Alliance, and Federation* · SAML, The Liberty Alliance, and Federation* Eve Maler ... • Sun's >SAML, ID-FF, ... >Though the design …

Documents
SCI160_Excercises-SAML 2.0

SCI160_Excercises-SAML 2.0

Documents
Chapter 4 SAML application scripting - Centrify 4 SAML application scripting ... For an introduction to SAML, try the overviews provided at saml-introduction

Chapter 4 SAML application scripting - Centrify 4 SAML application scripting ... For an introduction to SAML, try the overviews provided at saml-introduction

Documents
SAML Authentication with BlackShield Cloud - SafeNet Management...A Brief Introduction to SAML ... SAML Authentication with BlackShield Cloud How does SAML Work?0F 10 Google Apps and

SAML Authentication with BlackShield Cloud - SafeNet Management...A Brief Introduction to SAML ... SAML Authentication with BlackShield Cloud How does SAML Work?0F 10 Google Apps and

Documents
SAML 2.0 – Standard-of-choice in the Public Sector...SAML 2.0 - An Overview SAML V1.1 ID-FF V1.1 (Liberty Federation) Shib 1.0/1.1 APIs SAML V1.0 SAML V2.0 “P has e 1” ID-FF

SAML 2.0 – Standard-of-choice in the Public Sector...SAML 2.0 - An Overview SAML V1.1 ID-FF V1.1 (Liberty Federation) Shib 1.0/1.1 APIs SAML V1.0 SAML V2.0 “P has e 1” ID-FF

Documents
SAML and XACML Overview - ITU · SAML 2.0 Specification Suite • Conformance Requirements • Required “Operational Modes” for SAML implementations • Assertions and Protocols

SAML and XACML Overview - ITU · SAML 2.0 Specification Suite • Conformance Requirements • Required “Operational Modes” for SAML implementations • Assertions and Protocols

Documents
SAML Config

SAML Config

Documents
Security Assertion Markup Language (SAML) V2.0 …docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech...1 Introduction The Security Assertion Markup Language (SAML) standard defines

Security Assertion Markup Language (SAML) V2.0 …docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech...1 Introduction The Security Assertion Markup Language (SAML) standard defines

Documents
ComponentSpace SAML for ASP.NET Core Configuration Guide › documentation › saml... · ComponentSpace SAML for ASP.NET Core Configuration Guide 1 Introduction The ComponentSpace

ComponentSpace SAML for ASP.NET Core Configuration Guide › documentation › saml... · ComponentSpace SAML for ASP.NET Core Configuration Guide 1 Introduction The ComponentSpace

Documents
Introduction to SAML - Virginia Techkafura/cs6204/Readings/SAMLSlides.pdf– SAML Overview – SAML Assertions – Producers and Consumers of Assertions – Message Exchange Protocol

Introduction to SAML - Virginia Techkafura/cs6204/Readings/SAMLSlides.pdf– SAML Overview – SAML Assertions – Producers and Consumers of Assertions – Message Exchange Protocol

Documents
Spring Security SAML Extension · Spring Security SAML Extension 1.0.0.RC2 Spring Security SAML Extension iii 4.7. Single sign-on process ..... 20

Spring Security SAML Extension · Spring Security SAML Extension 1.0.0.RC2 Spring Security SAML Extension iii 4.7. Single sign-on process ..... 20

Documents
SAML Smackdown

SAML Smackdown

Technology
SAML Attribute Sharing Profile for X.509 Authentication-Based Systemsdocs.oasis-open.org/security/saml/Post2.0/sstc-saml-x509... · 2008-12-22 · 1 Introduction The SAML V2.0 Attribute

SAML Attribute Sharing Profile for X.509 Authentication-Based Systemsdocs.oasis-open.org/security/saml/Post2.0/sstc-saml-x509... · 2008-12-22 · 1 Introduction The SAML V2.0 Attribute

Documents
SAML Version 2.0 Errata 05docs.oasis-open.org/security/saml/v2.0/sstc-saml...SAML Version 2.0 Errata 05 ... 2 6

SAML Version 2.0 Errata 05docs.oasis-open.org/security/saml/v2.0/sstc-saml...SAML Version 2.0 Errata 05 ... 2 6

Documents
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

Technology
Mule security saml

Mule security saml

Technology
SAML Single Sign-On - Cisco · SAMLSingleSign-On ThischapterprovidesinformationabouttheSecurityAssertionMarkupLanguage(SAML)SingleSign-On …

SAML Single Sign-On - Cisco · SAMLSingleSign-On ThischapterprovidesinformationabouttheSecurityAssertionMarkupLanguage(SAML)SingleSign-On …

Documents