saml-dev message



Subject: Re: new to OpenSAML


Hello Prasad,

Prasad Shenoy wrote:

>Have you looked at the SAML Technical Overview? The document gives a
>clear picture of the profiles and also some use cases, I guess...
>
>--Prasad.
>  
>
Well, in fact I hadn't read the technical overview; that is now done.
But it doesn't exactly answer my question.

In the Browser/Artifact Profile, I can read the following:
"The www.xyz.com Artifact Receiver will send a SAML request to the
www.abc.com SAML responder containing the artifact supplied by the
Inter-site Transfer Service of www.abc.com."

Ok, but which SAML request is used here? Which SAML attribute is used
to give the artifact?

I have another problem. If someone steals the artifact of someone else,
I can't find any reason why he would not be able to send it to the
destination web site and then access unauthorized resources.
The technical overview recommends using digital signatures. This means
(as I understand it) that I have to build a complete PKI.
So, as I understand it, if I want to build an SSO architecture with
login/password authentication, I have to set up a PKI. Am I the only one
to find this strange? (I have to say that I am not used to digital
signatures and PKI, so I may be wrong, and I hope I am.)

Thank you for your help

François


>
>On Mon, 26 Jul 2004 14:03:49 +0200, François Beretti
><francois.beretti@enatel.com> wrote:
>  
>
>>Well, sorry for the previous post, intended for the OpenSAML mailing list.
>>
>>But if there is someone here who can give me any use case of SAML, with
>>a basic sequence of requests and answers, starting from the
>>authentication, it will help me.
>>
>>In fact I don't exactly understand how the authentication system, which
>>seems to be separate from SAML, is linked to it.
>>
>>If a user authenticates against the security system, what does the server
>>return to him? Is it an authentication assertion, or a reference to
>>this assertion? And if it is a reference to the assertion, which data
>>structure has to be used?
>>
>>Thank you very much, and sorry again for the previous post
>>
>>François Beretti
>>
>>François Beretti wrote:
>>
>>>Hello all
>>>
>>>I am quite new to SAML and planning to build a security system based
>>>on SAML. I plan to use the OpenSAML library, which seems to be very nice.
>>>
>>>Is there a place where I can find some sample code using OpenSAML?
>>>
>>>In fact I have some difficulty understanding the whole SAML
>>>standard, and I think that reading a concrete use case will help me a lot.
>>>
>>>Thank you very much
>>>
>>>François
>>>