I am a .net developer working on SAML 1.1 for SSO and I have found that I could generate SAML Assertion using the SamlAssertion class in System.IdentityModel.Tokens. But was unable to find a class/object for generating SAML Response.

I mean this class generates SAML Assertion but not the response(<samlp:response>). Is there a class which can generate the saml response,can any of you help me in figuring out this issue as our application needs a saml response to authenticate the user with the saml assertion.

Thanks in Advance.

Read more

I'm new to SAML and have a question concerning the signing process.  Forgive me if it seems a little stupid.

What is there to stop a malicious 3rd party from creating private and public keys of their own, then creating a fake assertion, sign it with the private key and include the public key in the x509 certificate inside the SAML response?  To the consuming provider, the assertion would appear to come from a trusted identifying provider and be legitimately signed when verified against the enclosed public key.

Read more

Hi,

I have evaluated pingIdentity (very good but expensive) and symlabs (good but limited in some senses).

i have scoured the 'Net for other commercial identity providers.  i want to install one on the corporate network to enable our intranet users to single sign on to other external websites.

when i started the research i anticipated some kind of hardware box that could be used, but i havent found anything.

Read more

Queria saber donde puedo buscar información sobre como implementar SAML en español. Muchas Gracias

In this scenario, how would SAML be implemented-if the fderation would be made up of organisations with different directories, and the IM uses a non-http protocol and uses java. Any help will be useful