OpenSAML user discussion

[mahadev murali <>]

I'm trying to implement single sign on.Sir my problem is as follows. I'm having a identity provider and service provider.There is a login table for the identity provider that contains three fields like username, password, and session ID.Whenever a particular user log into identity provider then his/her session ID will be renewed using request.getsession("true") and stored in the login table.
Now when the user tries to access a service provider then i will check whether the current session matches with the one that is present in login table of the identity provider.If so ill grant access to that user to access the service provider.I have to implement this via saml authetication request and response message. That is why i asked the xml format of saml message that sends session ID and username. Suggest me sir.

Frank Cornelis <> wrote:
>  Hi,
>
>
> It's probably not a good idea to expose the session ID via a (signed)
> SAML authentication request message. Better is to store the SAML
> authentication request Id in the session context (of your servlet
> container) and later on check the InResponseTo value of the incoming
> SAML authentication response against the Id previously stored in the
> session context.
>
>
> Regards,
> Frank.
>
> On Wed, 2008-02-20 at 05:22 -0500,  wrote:
> > Hi,
> > I need to send session ID and username with the SAML authetication request. Can u pls tell me the XML format of SAML message that includes session ID and username?



Murali.

---

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.