OpenSAML user discussion

[Scott Cantor <>]

> I am graduate student in West virginia university.I
> wanted to work on single sign on project for my class
> .I have seen opensaml.org for information but didnt
> find much.

Yeah, my docs suck.

> proceded in the project .i am at very basic stages of
> what tools to use .my basic idea is to create one 
> website with login capabilities and send a link from
> there after authentication to another website where
> the user can get transperently log on.

What you need to first do is read over the SAML 1.1 specification,
particularly the bindings and profiles document where the browser profiles
are described. They define the formats and processing rules for doing what
you're talking about using SAML.

There are dozens of proprietary approaches to doing the same thing, many
universities have them, and they all work at least somewhat alike on the
surface, but implementing yet another one isn't all that useful a project.

> I want to know my approach of using opensaml will work
> or do you have any documentation of what tools are
> needed to be installed for single sign on.

OpenSAML supports a simplifying class for doing work with the POST profile,
but doesn't currently have a similar class for the artifact profile. I'm
hoping to work on that at some point soon.

The harder work is in providing the supporting code and the policy/trust
layer, and integrating it into a web server environment on both ends, which
is what Shibboleth does.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--