
mace-opensaml-users - Re: Hi All

Subject: OpenSAML user discussion

  • From: Chad La Joie <>
  • To:
  • Subject: Re: Hi All
  • Date: Sat, 26 Aug 2006 07:42:11 -0400

SAML is to most federated ID systems as HTTP is to web servers, in that it is simply the protocol used to talk between agents. You're right, SAML doesn't specify *how* you do authentication because there are so many possible ways of doing it. So, an identity provider (the SAML component that can authenticate people and access their identity attributes) is responsible for implementing this in a fashion that is reasonable for its target audience. Some, like Shibboleth (which the OpenSAML library was written for), use the Java servlet container or web server they're deployed in to handle the authentication. Other IdPs that have a more tightly scoped, targeted audience might write authentication code that was more tightly coupled with their product.

So, "federated identity systems" is just the buzzword we use to describe the applications and infrastructure which can authenticate and transport information about individuals across administrative boundaries (i.e. from systems *I* control to systems *you* control).

JAAS is just a Java API for encapsulating some authentication mechanisms. Some initial work has been done in creating a JAAS module that may be used as a service provider (the SAML component that protects a resource and communicates with the IdP), but I don't believe there are any that I'd consider final, full-fledged, solutions yet.

Balasubramaniam Janakiraman wrote:
Hi,

My company wanted to implement SSO for an intranet web application. I had gone through GSS-API using the Kerberos API, but the security team told me that a firewall port needs to be opened for Kerberos authentication. They suggested SAML. I went through the SAML specification. It specifies the message flow, but it didn't specify the technical details of authentication. Then I searched for SAML implementation toolkits and found some at SourceID. But they also have something called Federated Identity. Now I am confused about what to use. If possible, kindly provide details of the differences between SAML, Federated Identity and JAAS using Kerberos.

Thanks,

Bala.J


--

Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
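
An added illustration, not part of the original thread and not OpenSAML code: what a service provider actually receives from an identity provider is a statement that authentication happened and a declared method, never the credentials or the mechanism itself. The sketch assumes SAML 2.0 element names; the assertion, issuer URL, user and attribute are constructed sample values, and summarize_assertion and sp_accepts are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustrative values only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2006-08-26T11:42:11Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user@example.org</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2006-08-26T11:42:05Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="affiliation">
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def summarize_assertion(xml_text):
    """Extract what the IdP asserts: who, when, by which declared method."""
    root = ET.fromstring(xml_text)
    authn = root.find("saml:AuthnStatement", NS)
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "authn_instant": authn.get("AuthnInstant") if authn is not None else None,
        "authn_context": authn.findtext(
            "saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
        if authn is not None else None,
        "attributes": attrs,
    }

def sp_accepts(summary, trusted_issuers, accepted_contexts):
    # The SP decides on issuer trust and the declared method only. A real SP
    # first verifies the XML signature, validity window and audience (omitted).
    return (summary["issuer"] in trusted_issuers
            and summary["authn_context"] in accepted_contexts)
```

The Kerberos exchange in this sample would stay between the user and the IdP; only the assertion crosses the administrative boundary to the SP.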


  • Hi All, Balasubramaniam Janakiraman, 08/26/2006
    • Re: Hi All, Chad La Joie, 08/26/2006
