OpenSAML user discussion

["Scott Cantor" <>]

> My requirement is I have two applications deployed on weblogic8.1.
> They have different login screen and mgt.
> 
> Now i want to implement sso over this using SAML.

That would be a case of acting as a service provider to some set of SAML
IdPs.

> So is it possible using SAML authentication assertion? 

Yes, for web-based access. Both SAML 1.1 and 2.0 include profiles for this.
They aren't compatible with each other.

> And if yes then how i can use openSAML api for this?

It depends how much flexibility you need and which version you want. 2.0
support isn't ready yet.

The existing library includes some helper classes for doing the Browser SSO
profiles at the SP end, but much of the work and all of the configuration is
left to you, and I have little help I can provide you. The project code is
just "as is".

The Shibboleth SP is very large, because the gap between when OpenSAML does
and what a full SP does is large. The SP itself might be useful to you
anyway, but it isn't in Java, so it currently requires front-ending Java
servers with Apache or IIS.

-- Scott