OpenSAML user discussion

["Laxmanareddy, Tathireddy (IE10)" <>]

Cantor or anyone,

 

Typically what are all the things that need to done to deploy SSO using openSAML API.I have two web based applications with different user info (user name in App1 is 'laxman' where as in App2 is 'lakshman'.

 

I list what I perceive can be done

 

1. Can build saml response at intersite transfer service and send it so that assertion consumer service can accept it.

2. I can sign the assertions.

3. I can verify the signatures.

 

I am not clear on

 

1. How session management is done on application side. for entering into an application userneeds to get into session. should the assertion consumer service create a session for user?

2. how the mapping of usernames is done ?

3. where should the application store information as to what sites it can grant permission to under SSO?

4. where should the assertion ID's and timestamp stored , and how assertion ID is expired after the timestamp ?

 

I am sorry if I am the culprit , who didnt understand spec well.

but  , please clarify .

 

Thanks In Advance

Laxman

reply to me at mailto: