OASIS Mailing List Archives

saml-dev message


Subject: Re: [saml-dev] Looking for feedback on a first SAML implimentation.

Scott and Bob,

I really appreciate the time you've taken for some thoughtful replies to my questions.

In spite of the fact that I have more _fun_ coding than configuring, I'm all for using other people's wheels rather than reinventing my own when it's in the best interest of the project I'm working on.

My motivation for doing a code-based solution, rather than a server-add-on solution, is ease of deployment. I'd really like to have everything contained in a single application which can be deployed entirely within a WAR file (standard Java webapp packaging), using the standard techniques we now use, rather than having to make requests of a sysadmin to install/configure a server.

I'd also like for this app to be easily portable across different server technologies, and not require someone working with it in the future to know about special configurations on the server. For a complex system, I can easily imagine benefits to making the application "agnostic to the form of authentication", but wonder if, for my simple purposes, those benefits might be outweighed by the additional deployment/configuration complexity.

It sounds like the "right" way to use SAML is the way you folks have outlined, and if that's too elaborate for my situation, SAML itself may be a more powerful/complex tool than I need. But the client has specified SAML, so I may have to choose between a) a setup that's more complex and potentially more confusing to deploy and b) a home-grown, probably flawed SAML implementation that will get the job done, but won't scale past the immediate need we have.

If you have any additional thoughts, please share. Once again, I really appreciate the time you've taken to help me.



On Tue, Dec 23, 2008 at 10:25 AM, <bbbrandt@mmm.com> wrote:

"Scott Cantor" <cantor.2@osu.edu> wrote on 12/22/2008 07:35:56 PM:



> My advice is to do less coding and more integration, and design the
> application to be agnostic to the form of authentication, something that is
> learned through experience but isn't something the material on SAML is going
> to explain.
> -- Scott


Well stated. There's plenty of stable code on the shelf to build what one needs, and replace (or add) parts when/where needed.

Bob Brandt, 3M

(646) 206-8337
