mace-opensaml-users - Re: Sending session ID
Subject: OpenSAML user discussion
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: Sending session ID
- Date: Wed, 20 Feb 2008 12:48:40 +0100
- Organization: SWITCH
General SAML questions should be sent to the email list. This is email list is for questions that specifically pertain to the use of the OpenSAML library.
mahadev murali wrote:
I'm trying to implement single sign on.Sir my problem is as follows. I'm having a identity provider and service provider.There is a login table for the identity provider that contains three fields like username, password, and session ID.Whenever a particular user log into identity provider then his/her session ID will be renewed using request.getsession("true") and stored in the login table.
Now when the user tries to access a service provider then i will check whether the current session matches with the one that is present in login table of the identity provider.If so ill grant access to that user to access the service provider.I have to implement this via saml authetication request and response message. That is why i asked the xml format of saml message that sends session ID and username. Suggest me sir.
*/Frank Cornelis
<>/*
wrote:
Hi,
It's probably not a good idea to expose the session ID via a (signed)
SAML authentication request message. Better is to store the SAML
authentication request Id in the session context (of your servlet
container) and later on check the InResponseTo value of the incoming
SAML authentication response against the Id previously stored in the
session context.
Regards,
Frank.
On Wed, 2008-02-20 at 05:22 -0500,
wrote:
> Hi,
> I need to send session ID and username with the SAML
authetication request. Can u pls tell me the XML format of SAML
message that includes session ID and username?
Murali.
------------------------------------------------------------------------
Looking for last minute shopping deals? Find them fast with Yahoo! Search. <http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping>
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- Sending session ID, mahadev murali, 02/20/2008
- <Possible follow-up(s)>
- Sending session ID, muraliever4u, 02/20/2008
- Re: Sending session ID, Frank Cornelis, 02/20/2008
- Re: Sending session ID, mahadev murali, 02/20/2008
- Re: Sending session ID, Chad La Joie, 02/20/2008
- Re: Sending session ID, mahadev murali, 02/20/2008
- Re: Sending session ID, Frank Cornelis, 02/20/2008
Archive powered by MHonArc 2.6.16.