Menu
▾
▴
asimba-users — Questions and answers of Asimba users
You can subscribe to this list here.
| 2014 |
Jan
(5) |
Feb
(2) |
Mar
|
Apr
(2) |
May
|
Jun
(5) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2015 |
Jan
|
Feb
(11) |
Mar
|
Apr
|
May
(6) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Zico <mai...@gm...> - 2015-05-27 09:07:40
|
Hi Mark, Generally when I am attaching a SP with Asimba... there is no problem. I mean, no such error like that. But whenever I am trying to implement our SAML authentication script ( https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/saml ), I am getting this error. I am including Yuriy here as he is the write of our SAML Authentication script so if there is any question here, we will get concrete answer from Yuriy as well. On Wed, May 27, 2015 at 2:35 AM, Mark Dobrinic <mdo...@co...> wrote: > Hi Zico, > > There are a couple of places where the EventLogger logs a "Security > Fault" message. In general, it seems to happen to report a > SAML2SecurityException being thrown. > > This can be caused by catching an OpenSAML SecurityException that is > being caught and thrown as an Asimba SAML2SecurityException. > > The source of this, could be a signature that does not validate, or > something like that. > > Does it include a stack trace anywhere, to see where it is sourced from? > > Cheers! > > Mark > > > On 21/05/15 18:13, Zico wrote: > > Hello, > > > > The purpose of this email is basically to know the 'reason' / 'root > > cause' of such error named 'Security Fault'. What does it mean? > > Basically I am getting a 403 error in my web browser whenever I am > > trying to reach the discovery page from SAML_issuer ( SP ). And, from > > stack trace the 'reason' of this 403 error seems this: > > > > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1 > > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > > Store current request parameters in session because Saml don't pass them > > via service URI > > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > > Prepared assertionConsumerServiceUrl: > > https://idp.example.com/oxauth/postlogin > > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > > external_auth_request_uri: > > > https://idp.example.com/asimba/profiles/saml2/sso/web?SAMLRequest=nZPLbtswEEV%2FReCe1gO2GxOWAddBUQNJKthqtwVDjRMCFEfljBLn70v5UWjRetEVCc7F3LmH5JJ06zq17vnV7%2BBXD8TJsXWe1KlQij54hZosKa9bIMVG7dePD6qYZKoLyGjQiWRNBIEt%2Bg166lsIewhv1sD33UMpXpk7Umlqm25isA8EDnUTt22KRx2d0w6JHb5YL5LtfSl%2BHha6mRkzlQdT3Mlp3jxLnYORn4r5fLHQ82ljTJQS9bD1xNpzKYosn8lsJou8zucqu1PFVCTVZcLP1jfWv9yO83wWkfpa15Wsvu1rkfyAQDFWbD%2FJxGo5QFEn3zDCdLutvrIRqysJDA0EyRH2CAgjOhqoLNORzdmzU0%2Bx7%2Fa%2BQmfNR7J2Dt83ATRDKTj0IJIvGFrNtycZTmwjDyep6oZoxOBZpFeXyxOA5vQg4mUyHDnZYNvpYGngAEdt%2BEpirNq4GHQHh%2F%2FhclNmlBlax%2BMqLu%2BR3XCrYOKUddCeOgx8Qfa3eVbn2j%2By%2FamOf8DqNw%3D%3D > > INFO | jvm 1 | 2015/05/21 16:08:25 | 16:08:25.277 > > [ajp-bio-127.0.0.1-8009-exec-2] INFO com.alfaariss.oa.EventLogger - > > null, null, null, null, null, 118.179.164.14, 2, REQUEST_INVALID, null, > > SAML2 Profile, Security Fault > > > > > > > > -- > > Best, > > Zico > > > > > > > ------------------------------------------------------------------------------ > > One dashboard for servers and applications across Physical-Virtual-Cloud > > Widest out-of-the-box monitoring support with 50+ applications > > Performance metrics, stats and reports that give you Actionable Insights > > Deep dive visibility with transaction tracing using APM Insight. > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > > > > > > _______________________________________________ > > Asimba-users mailing list > > Asi...@li... > > https://lists.sourceforge.net/lists/listinfo/asimba-users > > > > -- Best, Zico |
|
From: Mark D. <mdo...@co...> - 2015-05-27 07:35:34
|
Hi Zico, There are a couple of places where the EventLogger logs a "Security Fault" message. In general, it seems to happen to report a SAML2SecurityException being thrown. This can be caused by catching an OpenSAML SecurityException that is being caught and thrown as an Asimba SAML2SecurityException. The source of this, could be a signature that does not validate, or something like that. Does it include a stack trace anywhere, to see where it is sourced from? Cheers! Mark On 21/05/15 18:13, Zico wrote: > Hello, > > The purpose of this email is basically to know the 'reason' / 'root > cause' of such error named 'Security Fault'. What does it mean? > Basically I am getting a 403 error in my web browser whenever I am > trying to reach the discovery page from SAML_issuer ( SP ). And, from > stack trace the 'reason' of this 403 error seems this: > > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1 > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > Store current request parameters in session because Saml don't pass them > via service URI > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > Prepared assertionConsumerServiceUrl: > https://idp.example.com/oxauth/postlogin > INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. > external_auth_request_uri: > https://idp.example.com/asimba/profiles/saml2/sso/web?SAMLRequest=nZPLbtswEEV%2FReCe1gO2GxOWAddBUQNJKthqtwVDjRMCFEfljBLn70v5UWjRetEVCc7F3LmH5JJ06zq17vnV7%2BBXD8TJsXWe1KlQij54hZosKa9bIMVG7dePD6qYZKoLyGjQiWRNBIEt%2Bg166lsIewhv1sD33UMpXpk7Umlqm25isA8EDnUTt22KRx2d0w6JHb5YL5LtfSl%2BHha6mRkzlQdT3Mlp3jxLnYORn4r5fLHQ82ljTJQS9bD1xNpzKYosn8lsJou8zucqu1PFVCTVZcLP1jfWv9yO83wWkfpa15Wsvu1rkfyAQDFWbD%2FJxGo5QFEn3zDCdLutvrIRqysJDA0EyRH2CAgjOhqoLNORzdmzU0%2Bx7%2Fa%2BQmfNR7J2Dt83ATRDKTj0IJIvGFrNtycZTmwjDyep6oZoxOBZpFeXyxOA5vQg4mUyHDnZYNvpYGngAEdt%2BEpirNq4GHQHh%2F%2FhclNmlBlax%2BMqLu%2BR3XCrYOKUddCeOgx8Qfa3eVbn2j%2By%2FamOf8DqNw%3D%3D > INFO | jvm 1 | 2015/05/21 16:08:25 | 16:08:25.277 > [ajp-bio-127.0.0.1-8009-exec-2] INFO com.alfaariss.oa.EventLogger - > null, null, null, null, null, 118.179.164.14, 2, REQUEST_INVALID, null, > SAML2 Profile, Security Fault > > > > -- > Best, > Zico > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Zico <mai...@gm...> - 2015-05-21 16:13:45
|
Hello, The purpose of this email is basically to know the 'reason' / 'root cause' of such error named 'Security Fault'. What does it mean? Basically I am getting a 403 error in my web browser whenever I am trying to reach the discovery page from SAML_issuer ( SP ). And, from stack trace the 'reason' of this 403 error seems this: INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1 INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. Store current request parameters in session because Saml don't pass them via service URI INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. Prepared assertionConsumerServiceUrl: https://idp.example.com/oxauth/postlogin INFO | jvm 1 | 2015/05/21 16:08:24 | Saml. Prepare for step 1. external_auth_request_uri: https://idp.example.com/asimba/profiles/saml2/sso/web?SAMLRequest=nZPLbtswEEV%2FReCe1gO2GxOWAddBUQNJKthqtwVDjRMCFEfljBLn70v5UWjRetEVCc7F3LmH5JJ06zq17vnV7%2BBXD8TJsXWe1KlQij54hZosKa9bIMVG7dePD6qYZKoLyGjQiWRNBIEt%2Bg166lsIewhv1sD33UMpXpk7Umlqm25isA8EDnUTt22KRx2d0w6JHb5YL5LtfSl%2BHha6mRkzlQdT3Mlp3jxLnYORn4r5fLHQ82ljTJQS9bD1xNpzKYosn8lsJou8zucqu1PFVCTVZcLP1jfWv9yO83wWkfpa15Wsvu1rkfyAQDFWbD%2FJxGo5QFEn3zDCdLutvrIRqysJDA0EyRH2CAgjOhqoLNORzdmzU0%2Bx7%2Fa%2BQmfNR7J2Dt83ATRDKTj0IJIvGFrNtycZTmwjDyep6oZoxOBZpFeXyxOA5vQg4mUyHDnZYNvpYGngAEdt%2BEpirNq4GHQHh%2F%2FhclNmlBlax%2BMqLu%2BR3XCrYOKUddCeOgx8Qfa3eVbn2j%2By%2FamOf8DqNw%3D%3D INFO | jvm 1 | 2015/05/21 16:08:25 | 16:08:25.277 [ajp-bio-127.0.0.1-8009-exec-2] INFO com.alfaariss.oa.EventLogger - null, null, null, null, null, 118.179.164.14, 2, REQUEST_INVALID, null, SAML2 Profile, Security Fault -- Best, Zico |
|
From: Zico <mai...@gm...> - 2015-05-21 16:10:12
|
Thanks for confirmation, Mark. :-) That makes sense... On Thu, May 21, 2015 at 3:19 AM, Mark Dobrinic <mdo...@co...> wrote: > Hi Zico, > > The answer to your question is no, there is no link to show the > discovery page. One reason for this is that the page is rendered > specifically for (a specific request from) an SP; every SP can have its > own restrictions on which IDPs are allowed to authenticate to it. > > There are some extension points that you can implement/configure, that > can assist with pre-selecting the IDPs for the actual SP. > > Cheers, > > Mark > > On 20/05/15 19:14, Zico wrote: > > Hi, > > > > I know I can get the discovery page of my Asimba server whenever I am > > calling it from my SP ( SP-initiated SSO ) but i am wondering if there > > is any link / configuration with which I can directly see my Asimba's > > discovery page without involving SP to test? > > > > > > -- > > Best, > > Zico > > > > > > > ------------------------------------------------------------------------------ > > One dashboard for servers and applications across Physical-Virtual-Cloud > > Widest out-of-the-box monitoring support with 50+ applications > > Performance metrics, stats and reports that give you Actionable Insights > > Deep dive visibility with transaction tracing using APM Insight. > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > > > > > > _______________________________________________ > > Asimba-users mailing list > > Asi...@li... > > https://lists.sourceforge.net/lists/listinfo/asimba-users > > > > -- Best, Zico |
|
From: Mark D. <mdo...@co...> - 2015-05-21 08:36:53
|
Hi Zico, The answer to your question is no, there is no link to show the discovery page. One reason for this is that the page is rendered specifically for (a specific request from) an SP; every SP can have its own restrictions on which IDPs are allowed to authenticate to it. There are some extension points that you can implement/configure, that can assist with pre-selecting the IDPs for the actual SP. Cheers, Mark On 20/05/15 19:14, Zico wrote: > Hi, > > I know I can get the discovery page of my Asimba server whenever I am > calling it from my SP ( SP-initiated SSO ) but i am wondering if there > is any link / configuration with which I can directly see my Asimba's > discovery page without involving SP to test? > > > -- > Best, > Zico > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Zico <mai...@gm...> - 2015-05-20 17:14:59
|
Hi, I know I can get the discovery page of my Asimba server whenever I am calling it from my SP ( SP-initiated SSO ) but i am wondering if there is any link / configuration with which I can directly see my Asimba's discovery page without involving SP to test? -- Best, Zico |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-27 15:13:17
|
Ok, thank you very much for your answer Mohamed -----Original Message----- From: Mark Dobrinic [mailto:mdo...@co...] Sent: vendredi 27 février 2015 15:17 To: Mohamed El Hajj; asi...@li... Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider No, that is not possible. That would require some interceptor that creates the SAML requests. I'd advice you to try out Shibboleth for that exact purpose, because what you describe is the kind of problem that Shibboleth pretty much was designed for to solve. What *could* be interesting, is that you could configure a Shibboleth-instance to generate that AuthnRequest and send it to Asimba. Then, Asimba can pick it up and do the IDP discovery, SSO caching, etc, which would leave all the dynamics to be executed by Asimba, and Shibboleth can be configured really statically to just hook into Asimba. That could make sense. You follow my thinking here? But I seriously think that Shibboleth is a good first step to solve your problem. Cheers! Mark On 27/02/15 10:01, Mohamed El Hajj wrote: > No, in fact, i would like to test this behavior of asimba on a simple directory that I need to protect in an apache Web Server, with SAML authentication without using a Service provider (but using asimba instead). So my application doesn't send anything, it is just a directory. For example when using Shibboleth SP, the shib apache module generates the authnRequest, but in my case there is no shibd, it is just a directory that I need to protect with SAML authentication using asimba. So is that still possible? > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: vendredi 27 février 2015 09:49 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service > Provider > > Can your application send SAML AuthnRequests? > > On 27/02/15 09:47, Mohamed El Hajj wrote: >> Yes i would like to know how to configure asimba to act as a SAML Service provider for an application, could you give me an configuration example on that? >> >> Thank you very much >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 18:36 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. >> >> Would you want some assistence in setting up such a thing? >> >> Cheers! >> >> Mark >> >> On 26/02/15 18:25, Mohamed El Hajj wrote: >>> Mark, >>> >>> In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? >>> >>> Thanks >>> >>> >>> -----Original Message----- >>> From: Mark Dobrinic [mailto:mdo...@co...] >>> Sent: jeudi 26 février 2015 18:07 >>> To: Mohamed El Hajj; asi...@li... >>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>> Provider >>> >>> Hi Mohamed, >>> >>> You can use Asimba as SAML Proxy for sure. >>> As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. >>> >>> Is that your usecase? >>> >>> Cheers! >>> >>> Mark >>> >>> >>> >>> On 26/02/15 17:42, Mohamed El Hajj wrote: >>>> Hi Mark, >>>> >>>> In fact i wanted to see if i could use asimba in SAML Proxy mode, >>>> instead of Shibboleth Service Provider, >>>> >>>> So is there a way to do this? >>>> >>>> >>>> -----Original Message----- >>>> From: Mark Dobrinic [mailto:mdo...@co...] >>>> Sent: jeudi 26 février 2015 17:37 >>>> To: Mohamed El Hajj; asi...@li... >>>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>>> Provider >>>> >>>> Hi Mohamed, >>>> >>>> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >>>> >>>> In this mode, Asimba performs the SAML Service Provider profile. >>>> >>>> If this is what you mean, then the answer is yes. >>>> >>>> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >>>> >>>> Did you get your question answered by this? >>>> >>>> Cheers! >>>> >>>> Mark >>>> >>>> >>>> >>>> >>>> On 26/02/15 17:17, Mohamed El Hajj wrote: >>>>> Hi, >>>>> >>>>> >>>>> >>>>> Can we use asimba SAML Proxy as a SAML Service Provider? >>>>> >>>>> >>>>> >>>>> Thank you >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Mohamed EL HAJJ >>>>> >>>>> @ Moh...@ad... <mailto:Moh...@ad...> >>>>> >>>>> (01 46 83 30 91 >>>>> >>>>> http://www.aduneo.com <http://www.aduneo.com/> >>>>> >>>>> 3 rue Danton 92240 Malakoff >>>>> >>>>> cid:image001.png@01CBCEB8.58797410 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------ >>>>> - >>>>> - >>>>> - >>>>> - >>>>> -------- Dive into the World of Parallel Programming The Go >>>>> Parallel Website, sponsored by Intel and developed in partnership >>>>> with Slashdot Media, is your hub for all things parallel software >>>>> development, from weekly thought leadership blogs to news, videos, >>>>> case studies, tutorials and more. Take a look and join the conversation now. >>>>> http://goparallel.sourceforge.net/ >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Asimba-users mailing list >>>>> Asi...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>>>> >>>> >>> >> > |
|
From: Mark D. <mdo...@co...> - 2015-02-27 14:16:51
|
No, that is not possible. That would require some interceptor that creates the SAML requests. I'd advice you to try out Shibboleth for that exact purpose, because what you describe is the kind of problem that Shibboleth pretty much was designed for to solve. What *could* be interesting, is that you could configure a Shibboleth-instance to generate that AuthnRequest and send it to Asimba. Then, Asimba can pick it up and do the IDP discovery, SSO caching, etc, which would leave all the dynamics to be executed by Asimba, and Shibboleth can be configured really statically to just hook into Asimba. That could make sense. You follow my thinking here? But I seriously think that Shibboleth is a good first step to solve your problem. Cheers! Mark On 27/02/15 10:01, Mohamed El Hajj wrote: > No, in fact, i would like to test this behavior of asimba on a simple directory that I need to protect in an apache Web Server, with SAML authentication without using a Service provider (but using asimba instead). So my application doesn't send anything, it is just a directory. For example when using Shibboleth SP, the shib apache module generates the authnRequest, but in my case there is no shibd, it is just a directory that I need to protect with SAML authentication using asimba. So is that still possible? > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: vendredi 27 février 2015 09:49 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider > > Can your application send SAML AuthnRequests? > > On 27/02/15 09:47, Mohamed El Hajj wrote: >> Yes i would like to know how to configure asimba to act as a SAML Service provider for an application, could you give me an configuration example on that? >> >> Thank you very much >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 18:36 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. >> >> Would you want some assistence in setting up such a thing? >> >> Cheers! >> >> Mark >> >> On 26/02/15 18:25, Mohamed El Hajj wrote: >>> Mark, >>> >>> In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? >>> >>> Thanks >>> >>> >>> -----Original Message----- >>> From: Mark Dobrinic [mailto:mdo...@co...] >>> Sent: jeudi 26 février 2015 18:07 >>> To: Mohamed El Hajj; asi...@li... >>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>> Provider >>> >>> Hi Mohamed, >>> >>> You can use Asimba as SAML Proxy for sure. >>> As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. >>> >>> Is that your usecase? >>> >>> Cheers! >>> >>> Mark >>> >>> >>> >>> On 26/02/15 17:42, Mohamed El Hajj wrote: >>>> Hi Mark, >>>> >>>> In fact i wanted to see if i could use asimba in SAML Proxy mode, >>>> instead of Shibboleth Service Provider, >>>> >>>> So is there a way to do this? >>>> >>>> >>>> -----Original Message----- >>>> From: Mark Dobrinic [mailto:mdo...@co...] >>>> Sent: jeudi 26 février 2015 17:37 >>>> To: Mohamed El Hajj; asi...@li... >>>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>>> Provider >>>> >>>> Hi Mohamed, >>>> >>>> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >>>> >>>> In this mode, Asimba performs the SAML Service Provider profile. >>>> >>>> If this is what you mean, then the answer is yes. >>>> >>>> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >>>> >>>> Did you get your question answered by this? >>>> >>>> Cheers! >>>> >>>> Mark >>>> >>>> >>>> >>>> >>>> On 26/02/15 17:17, Mohamed El Hajj wrote: >>>>> Hi, >>>>> >>>>> >>>>> >>>>> Can we use asimba SAML Proxy as a SAML Service Provider? >>>>> >>>>> >>>>> >>>>> Thank you >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Mohamed EL HAJJ >>>>> >>>>> @ Moh...@ad... <mailto:Moh...@ad...> >>>>> >>>>> (01 46 83 30 91 >>>>> >>>>> http://www.aduneo.com <http://www.aduneo.com/> >>>>> >>>>> 3 rue Danton 92240 Malakoff >>>>> >>>>> cid:image001.png@01CBCEB8.58797410 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------- >>>>> - >>>>> - >>>>> - >>>>> -------- Dive into the World of Parallel Programming The Go >>>>> Parallel Website, sponsored by Intel and developed in partnership >>>>> with Slashdot Media, is your hub for all things parallel software >>>>> development, from weekly thought leadership blogs to news, videos, >>>>> case studies, tutorials and more. Take a look and join the conversation now. >>>>> http://goparallel.sourceforge.net/ >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Asimba-users mailing list >>>>> Asi...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>>>> >>>> >>> >> > |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-27 09:01:27
|
No, in fact, i would like to test this behavior of asimba on a simple directory that I need to protect in an apache Web Server, with SAML authentication without using a Service provider (but using asimba instead). So my application doesn't send anything, it is just a directory. For example when using Shibboleth SP, the shib apache module generates the authnRequest, but in my case there is no shibd, it is just a directory that I need to protect with SAML authentication using asimba. So is that still possible? -----Original Message----- From: Mark Dobrinic [mailto:mdo...@co...] Sent: vendredi 27 février 2015 09:49 To: Mohamed El Hajj; asi...@li... Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider Can your application send SAML AuthnRequests? On 27/02/15 09:47, Mohamed El Hajj wrote: > Yes i would like to know how to configure asimba to act as a SAML Service provider for an application, could you give me an configuration example on that? > > Thank you very much > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 18:36 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service > Provider > > Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. > > Would you want some assistence in setting up such a thing? > > Cheers! > > Mark > > On 26/02/15 18:25, Mohamed El Hajj wrote: >> Mark, >> >> In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? >> >> Thanks >> >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 18:07 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Hi Mohamed, >> >> You can use Asimba as SAML Proxy for sure. >> As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. >> >> Is that your usecase? >> >> Cheers! >> >> Mark >> >> >> >> On 26/02/15 17:42, Mohamed El Hajj wrote: >>> Hi Mark, >>> >>> In fact i wanted to see if i could use asimba in SAML Proxy mode, >>> instead of Shibboleth Service Provider, >>> >>> So is there a way to do this? >>> >>> >>> -----Original Message----- >>> From: Mark Dobrinic [mailto:mdo...@co...] >>> Sent: jeudi 26 février 2015 17:37 >>> To: Mohamed El Hajj; asi...@li... >>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>> Provider >>> >>> Hi Mohamed, >>> >>> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >>> >>> In this mode, Asimba performs the SAML Service Provider profile. >>> >>> If this is what you mean, then the answer is yes. >>> >>> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >>> >>> Did you get your question answered by this? >>> >>> Cheers! >>> >>> Mark >>> >>> >>> >>> >>> On 26/02/15 17:17, Mohamed El Hajj wrote: >>>> Hi, >>>> >>>> >>>> >>>> Can we use asimba SAML Proxy as a SAML Service Provider? >>>> >>>> >>>> >>>> Thank you >>>> >>>> >>>> >>>> >>>> >>>> Mohamed EL HAJJ >>>> >>>> @ Moh...@ad... <mailto:Moh...@ad...> >>>> >>>> (01 46 83 30 91 >>>> >>>> http://www.aduneo.com <http://www.aduneo.com/> >>>> >>>> 3 rue Danton 92240 Malakoff >>>> >>>> cid:image001.png@01CBCEB8.58797410 >>>> >>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------- >>>> - >>>> - >>>> - >>>> -------- Dive into the World of Parallel Programming The Go >>>> Parallel Website, sponsored by Intel and developed in partnership >>>> with Slashdot Media, is your hub for all things parallel software >>>> development, from weekly thought leadership blogs to news, videos, >>>> case studies, tutorials and more. Take a look and join the conversation now. >>>> http://goparallel.sourceforge.net/ >>>> >>>> >>>> >>>> _______________________________________________ >>>> Asimba-users mailing list >>>> Asi...@li... >>>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>>> >>> >> > |
|
From: Mark D. <mdo...@co...> - 2015-02-27 08:49:11
|
Can your application send SAML AuthnRequests? On 27/02/15 09:47, Mohamed El Hajj wrote: > Yes i would like to know how to configure asimba to act as a SAML Service provider for an application, could you give me an configuration example on that? > > Thank you very much > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 18:36 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider > > Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. > > Would you want some assistence in setting up such a thing? > > Cheers! > > Mark > > On 26/02/15 18:25, Mohamed El Hajj wrote: >> Mark, >> >> In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? >> >> Thanks >> >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 18:07 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Hi Mohamed, >> >> You can use Asimba as SAML Proxy for sure. >> As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. >> >> Is that your usecase? >> >> Cheers! >> >> Mark >> >> >> >> On 26/02/15 17:42, Mohamed El Hajj wrote: >>> Hi Mark, >>> >>> In fact i wanted to see if i could use asimba in SAML Proxy mode, >>> instead of Shibboleth Service Provider, >>> >>> So is there a way to do this? >>> >>> >>> -----Original Message----- >>> From: Mark Dobrinic [mailto:mdo...@co...] >>> Sent: jeudi 26 février 2015 17:37 >>> To: Mohamed El Hajj; asi...@li... >>> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >>> Provider >>> >>> Hi Mohamed, >>> >>> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >>> >>> In this mode, Asimba performs the SAML Service Provider profile. >>> >>> If this is what you mean, then the answer is yes. >>> >>> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >>> >>> Did you get your question answered by this? >>> >>> Cheers! >>> >>> Mark >>> >>> >>> >>> >>> On 26/02/15 17:17, Mohamed El Hajj wrote: >>>> Hi, >>>> >>>> >>>> >>>> Can we use asimba SAML Proxy as a SAML Service Provider? >>>> >>>> >>>> >>>> Thank you >>>> >>>> >>>> >>>> >>>> >>>> Mohamed EL HAJJ >>>> >>>> @ Moh...@ad... <mailto:Moh...@ad...> >>>> >>>> (01 46 83 30 91 >>>> >>>> http://www.aduneo.com <http://www.aduneo.com/> >>>> >>>> 3 rue Danton 92240 Malakoff >>>> >>>> cid:image001.png@01CBCEB8.58797410 >>>> >>>> >>>> >>>> >>>> >>>> -------------------------------------------------------------------- >>>> - >>>> - >>>> -------- Dive into the World of Parallel Programming The Go Parallel >>>> Website, sponsored by Intel and developed in partnership with >>>> Slashdot Media, is your hub for all things parallel software >>>> development, from weekly thought leadership blogs to news, videos, >>>> case studies, tutorials and more. Take a look and join the conversation now. >>>> http://goparallel.sourceforge.net/ >>>> >>>> >>>> >>>> _______________________________________________ >>>> Asimba-users mailing list >>>> Asi...@li... >>>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>>> >>> >> > |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-27 08:48:05
|
Yes i would like to know how to configure asimba to act as a SAML Service provider for an application, could you give me an configuration example on that? Thank you very much -----Original Message----- From: Mark Dobrinic [mailto:mdo...@co...] Sent: jeudi 26 février 2015 18:36 To: Mohamed El Hajj; asi...@li... Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. Would you want some assistence in setting up such a thing? Cheers! Mark On 26/02/15 18:25, Mohamed El Hajj wrote: > Mark, > > In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? > > Thanks > > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 18:07 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service > Provider > > Hi Mohamed, > > You can use Asimba as SAML Proxy for sure. > As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. > > Is that your usecase? > > Cheers! > > Mark > > > > On 26/02/15 17:42, Mohamed El Hajj wrote: >> Hi Mark, >> >> In fact i wanted to see if i could use asimba in SAML Proxy mode, >> instead of Shibboleth Service Provider, >> >> So is there a way to do this? >> >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 17:37 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Hi Mohamed, >> >> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >> >> In this mode, Asimba performs the SAML Service Provider profile. >> >> If this is what you mean, then the answer is yes. >> >> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >> >> Did you get your question answered by this? >> >> Cheers! >> >> Mark >> >> >> >> >> On 26/02/15 17:17, Mohamed El Hajj wrote: >>> Hi, >>> >>> >>> >>> Can we use asimba SAML Proxy as a SAML Service Provider? >>> >>> >>> >>> Thank you >>> >>> >>> >>> >>> >>> Mohamed EL HAJJ >>> >>> @ Moh...@ad... <mailto:Moh...@ad...> >>> >>> (01 46 83 30 91 >>> >>> http://www.aduneo.com <http://www.aduneo.com/> >>> >>> 3 rue Danton 92240 Malakoff >>> >>> cid:image001.png@01CBCEB8.58797410 >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------- >>> - >>> - >>> -------- Dive into the World of Parallel Programming The Go Parallel >>> Website, sponsored by Intel and developed in partnership with >>> Slashdot Media, is your hub for all things parallel software >>> development, from weekly thought leadership blogs to news, videos, >>> case studies, tutorials and more. Take a look and join the conversation now. >>> http://goparallel.sourceforge.net/ >>> >>> >>> >>> _______________________________________________ >>> Asimba-users mailing list >>> Asi...@li... >>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>> >> > |
|
From: Mark D. <mdo...@co...> - 2015-02-26 17:35:42
|
Yes, that is perfectly possible, and Asimba is then fufilling the role of SAML SP. Would you want some assistence in setting up such a thing? Cheers! Mark On 26/02/15 18:25, Mohamed El Hajj wrote: > Mark, > > In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? > > Thanks > > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 18:07 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider > > Hi Mohamed, > > You can use Asimba as SAML Proxy for sure. > As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. > > Is that your usecase? > > Cheers! > > Mark > > > > On 26/02/15 17:42, Mohamed El Hajj wrote: >> Hi Mark, >> >> In fact i wanted to see if i could use asimba in SAML Proxy mode, >> instead of Shibboleth Service Provider, >> >> So is there a way to do this? >> >> >> -----Original Message----- >> From: Mark Dobrinic [mailto:mdo...@co...] >> Sent: jeudi 26 février 2015 17:37 >> To: Mohamed El Hajj; asi...@li... >> Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service >> Provider >> >> Hi Mohamed, >> >> Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. >> >> In this mode, Asimba performs the SAML Service Provider profile. >> >> If this is what you mean, then the answer is yes. >> >> If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. >> >> Did you get your question answered by this? >> >> Cheers! >> >> Mark >> >> >> >> >> On 26/02/15 17:17, Mohamed El Hajj wrote: >>> Hi, >>> >>> >>> >>> Can we use asimba SAML Proxy as a SAML Service Provider? >>> >>> >>> >>> Thank you >>> >>> >>> >>> >>> >>> Mohamed EL HAJJ >>> >>> @ Moh...@ad... <mailto:Moh...@ad...> >>> >>> (01 46 83 30 91 >>> >>> http://www.aduneo.com <http://www.aduneo.com/> >>> >>> 3 rue Danton 92240 Malakoff >>> >>> cid:image001.png@01CBCEB8.58797410 >>> >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> - >>> -------- Dive into the World of Parallel Programming The Go Parallel >>> Website, sponsored by Intel and developed in partnership with >>> Slashdot Media, is your hub for all things parallel software >>> development, from weekly thought leadership blogs to news, videos, >>> case studies, tutorials and more. Take a look and join the conversation now. >>> http://goparallel.sourceforge.net/ >>> >>> >>> >>> _______________________________________________ >>> Asimba-users mailing list >>> Asi...@li... >>> https://lists.sourceforge.net/lists/listinfo/asimba-users >>> >> > |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-26 17:25:37
|
Mark, In my use case, the asimba proxy sends the Authentication Request and acts as SAML SP towards the SAML IDP. Can asimba proxy act as a SAML Service provider? Thanks -----Original Message----- From: Mark Dobrinic [mailto:mdo...@co...] Sent: jeudi 26 février 2015 18:07 To: Mohamed El Hajj; asi...@li... Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider Hi Mohamed, You can use Asimba as SAML Proxy for sure. As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. Is that your usecase? Cheers! Mark On 26/02/15 17:42, Mohamed El Hajj wrote: > Hi Mark, > > In fact i wanted to see if i could use asimba in SAML Proxy mode, > instead of Shibboleth Service Provider, > > So is there a way to do this? > > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 17:37 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service > Provider > > Hi Mohamed, > > Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. > > In this mode, Asimba performs the SAML Service Provider profile. > > If this is what you mean, then the answer is yes. > > If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. > > Did you get your question answered by this? > > Cheers! > > Mark > > > > > On 26/02/15 17:17, Mohamed El Hajj wrote: >> Hi, >> >> >> >> Can we use asimba SAML Proxy as a SAML Service Provider? >> >> >> >> Thank you >> >> >> >> >> >> Mohamed EL HAJJ >> >> @ Moh...@ad... <mailto:Moh...@ad...> >> >> (01 46 83 30 91 >> >> http://www.aduneo.com <http://www.aduneo.com/> >> >> 3 rue Danton 92240 Malakoff >> >> cid:image001.png@01CBCEB8.58797410 >> >> >> >> >> >> --------------------------------------------------------------------- >> - >> -------- Dive into the World of Parallel Programming The Go Parallel >> Website, sponsored by Intel and developed in partnership with >> Slashdot Media, is your hub for all things parallel software >> development, from weekly thought leadership blogs to news, videos, >> case studies, tutorials and more. Take a look and join the conversation now. >> http://goparallel.sourceforge.net/ >> >> >> >> _______________________________________________ >> Asimba-users mailing list >> Asi...@li... >> https://lists.sourceforge.net/lists/listinfo/asimba-users >> > |
|
From: Mark D. <mdo...@co...> - 2015-02-26 17:07:29
|
Hi Mohamed, You can use Asimba as SAML Proxy for sure. As an application send an AuthnRequest to Asimba, and Asimba will act as a SAML SP towards a Remote SAML IDP. Is that your usecase? Cheers! Mark On 26/02/15 17:42, Mohamed El Hajj wrote: > Hi Mark, > > In fact i wanted to see if i could use asimba in SAML Proxy mode, instead of Shibboleth Service Provider, > > So is there a way to do this? > > > -----Original Message----- > From: Mark Dobrinic [mailto:mdo...@co...] > Sent: jeudi 26 février 2015 17:37 > To: Mohamed El Hajj; asi...@li... > Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider > > Hi Mohamed, > > Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. > > In this mode, Asimba performs the SAML Service Provider profile. > > If this is what you mean, then the answer is yes. > > If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. > > Did you get your question answered by this? > > Cheers! > > Mark > > > > > On 26/02/15 17:17, Mohamed El Hajj wrote: >> Hi, >> >> >> >> Can we use asimba SAML Proxy as a SAML Service Provider? >> >> >> >> Thank you >> >> >> >> >> >> Mohamed EL HAJJ >> >> @ Moh...@ad... <mailto:Moh...@ad...> >> >> (01 46 83 30 91 >> >> http://www.aduneo.com <http://www.aduneo.com/> >> >> 3 rue Danton 92240 Malakoff >> >> cid:image001.png@01CBCEB8.58797410 >> >> >> >> >> >> ---------------------------------------------------------------------- >> -------- Dive into the World of Parallel Programming The Go Parallel >> Website, sponsored by Intel and developed in partnership with Slashdot >> Media, is your hub for all things parallel software development, from >> weekly thought leadership blogs to news, videos, case studies, >> tutorials and more. Take a look and join the conversation now. >> http://goparallel.sourceforge.net/ >> >> >> >> _______________________________________________ >> Asimba-users mailing list >> Asi...@li... >> https://lists.sourceforge.net/lists/listinfo/asimba-users >> > |
|
From: Mark D. <mdo...@co...> - 2015-02-26 16:54:30
|
Hi Mohamed, Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. In this mode, Asimba performs the SAML Service Provider profile. If this is what you mean, then the answer is yes. If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. Did you get your question answered by this? Cheers! Mark On 26/02/15 17:17, Mohamed El Hajj wrote: > Hi, > > > > Can we use asimba SAML Proxy as a SAML Service Provider? > > > > Thank you > > > > > > Mohamed EL HAJJ > > @ Moh...@ad... <mailto:Moh...@ad...> > > (01 46 83 30 91 > > http://www.aduneo.com <http://www.aduneo.com/> > > 3 rue Danton 92240 Malakoff > > cid:image001.png@01CBCEB8.58797410 > > > > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for all > things parallel software development, from weekly thought leadership blogs to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > > > > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-26 16:42:24
|
Hi Mark, In fact i wanted to see if i could use asimba in SAML Proxy mode, instead of Shibboleth Service Provider, So is there a way to do this? -----Original Message----- From: Mark Dobrinic [mailto:mdo...@co...] Sent: jeudi 26 février 2015 17:37 To: Mohamed El Hajj; asi...@li... Subject: Re: [Asimba-users] asimba SAML Proxy as a SAML Service Provider Hi Mohamed, Asimba is primarily an Identity Provider, that has capabilities to relay an inbound authentication request to another SAML Identity Provider -- the SAML Proxy mode of Asimba. In this mode, Asimba performs the SAML Service Provider profile. If this is what you mean, then the answer is yes. If you are looking for a solution to integrate Asimba into your existing application, and Asimba should fulfill the SAML Service Provider role *towards your application*, then the answer is: there is no easy straight-forward way. You might be interested in taking a look at Shibboleth for that purpose. Did you get your question answered by this? Cheers! Mark On 26/02/15 17:17, Mohamed El Hajj wrote: > Hi, > > > > Can we use asimba SAML Proxy as a SAML Service Provider? > > > > Thank you > > > > > > Mohamed EL HAJJ > > @ Moh...@ad... <mailto:Moh...@ad...> > > (01 46 83 30 91 > > http://www.aduneo.com <http://www.aduneo.com/> > > 3 rue Danton 92240 Malakoff > > cid:image001.png@01CBCEB8.58797410 > > > > > > ---------------------------------------------------------------------- > -------- Dive into the World of Parallel Programming The Go Parallel > Website, sponsored by Intel and developed in partnership with Slashdot > Media, is your hub for all things parallel software development, from > weekly thought leadership blogs to news, videos, case studies, > tutorials and more. Take a look and join the conversation now. > http://goparallel.sourceforge.net/ > > > > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Mohamed El H. <Moh...@ad...> - 2015-02-26 16:32:46
|
Hi, Can we use asimba SAML Proxy as a SAML Service Provider? Thank you Mohamed EL HAJJ @ Moh...@ad...<mailto:Moh...@ad...> * 01 46 83 30 91 http://www.aduneo.com<http://www.aduneo.com/> 3 rue Danton 92240 Malakoff [cid:image001.png@01CBCEB8.58797410] |
|
From: Liam H. <li...@um...> - 2014-10-07 13:52:04
|
Can someone provide a sanitized copy of a working asimba.xml configured for SAML IdP proxying? Liam |
|
From: Mark D. <mdo...@co...> - 2014-06-29 13:04:16
|
If all you want to do is release the attributes (with the name of how they provided to you by a remote IDP), then it looks like that following snippet is the way to go. You could do some mappings if you'd like to, but I wouldn't advice that, as that would make your (proxy-) IDP no longer conforming to eduPerson schema. On the other hand, if you need to do mappings to convert from eduPerson to another scheme, then mapping is required! Cheers! Mark On 25/06/14 23:43, Zico wrote: > Hello list, > > Do you have any suggestion on how eduPerson* attributes ( i.e: > https://www.incommon.org/federation/attributesummary.html ) should be > configured in Asimba? > > Should I go for custom attribute generation or below snippets should > work? [ these two URN > > <attributerelease > class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory"> > <policy id="asimba-saml-proxy.releasepolicy.1" > friendlyname="Default Attribute Release policy" enabled="true"> > <attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> > <attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" /> > <attribute name="firstname" /> > <attribute name="lastname" /> > </policy> > </attributerelease> > > -- > Best, > Zico > > > ------------------------------------------------------------------------------ > Open source business process management suite built on Java and Eclipse > Turn processes into business applications with Bonita BPM Community Edition > Quickly connect people, data, and systems into organized workflows > Winner of BOSSIE, CODIE, OW2 and Gartner awards > http://p.sf.net/sfu/Bonitasoft > > > > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Zico <mai...@gm...> - 2014-06-25 21:44:05
|
Hello list, Do you have any suggestion on how eduPerson* attributes ( i.e: https://www.incommon.org/federation/attributesummary.html ) should be configured in Asimba? Should I go for custom attribute generation or below snippets should work? [ these two URN <attributerelease class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory"> <policy id="asimba-saml-proxy.releasepolicy.1" friendlyname="Default Attribute Release policy" enabled="true"> <attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> <attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" /> <attribute name="firstname" /> <attribute name="lastname" /> </policy> </attributerelease> -- Best, Zico |
|
From: Zico <mai...@gm...> - 2014-06-25 21:39:41
|
Mark,
This works for single custom attributes. Thanks again. :-)
I do have another question... what if I want to map second custom attribute
based on same "urn:oid:0.9.2342.19200300.100.1.1"?
As for example, I tried below ( * ) and it is not allowing me ( ** )
( * )
<attributemapper>
<map ext="urn:oid:0.9.2342.19200300.100.1.1"
int="schoolName" />
<map ext="urn:oid:0.9.2342.19200300.100.1.1"
int="testSchoolName" />
</attributemapper>
( ** )
NFO | jvm 1 | 2014/06/25 17:30:56 | SEVERE: Ext name not unique in map
with 'ext' value: urn:oid:0.9.2342.19200300.100.1.1
Any suggestion?
On Tue, Jun 24, 2014 at 10:55 AM, Mark Dobrinic <mdo...@co...>
wrote:
> Hi Zico,
>
> (cross-posting this to the asimba-users list, as this can also be
> considered general advice)
>
> That is not going to work the way you propose. The extension I made,
> is capable of extracting particular AuthenticationContext-attributes
> that are set by an Authentication Method. This works for the
> RemoteSAML.issuer attribute, but not for the other attributes.
>
> Instead, the attributes that the IDP provides to Asimba (in an
> AttributeStatement of the Assertion) are set to the authenticating
> user already (reference:
>
> com.alfaariss.oa.authentication.remote.saml2.profile.sso.WebBrowserSSOProfile
> on line 741)
>
> The next things to do from here, are:
> 1) Map the incoming attributename to an outgoing attributename
> 2) Define the (mapped) attributename in the Attribute Release Policy
> that is applied to this context
>
> The attribute-mapping for this scenario can be configured in the SAML2
> AuthenticationMethod of asimba.xml, like this:
>
> <asimba>
> ...
> <websso>
> ...
> <authentication>
> ...
> <methods>
> ...
> <method class="...SAML2AuthenticationMethod" id="RemoteSAML">
> ...
> <attributemapper>
> <map ext="urn:oid:0.9.2342.19200300.100.1.1"
> int="schoolName" />
> </attributemapper>
> </method>
> </methods>
> </authentication>
> </websso>
> </asimba>
>
>
> And the Attribute Release Policy should include (at least) the
> "schoolName" attribute.
>
> That should do it I think.
>
> Let me know whether that works for you!
>
> Cheers!
>
> Mark
>
>
> On 23/06/14 23:06, Zico wrote:
> > Hi Mark,
> >
> > I need to configure few custom attributes in Asimba. What might be
> > the best practice to do so?
> >
> > As for example, I need to configure two custom attributes named
> > "schoolName" and "testschoolName". Which should be based on "UID"
> > and "schoolName" respectively. So, I tried to configure it in this
> > way:
> >
> > 1.
> >
> > <postauthorization> <methods> <method
> > id="AuthnContextToUserAttributesMethod" friendlyname="Add
> > AuthenticationContext attributes to User attributes"
> >
> class="org.asimba.custom.postauthz.authncontextattribute.AuthnContextToUserAttributes"
> >
> >
> enabled="true">
> > <attributes> <attribute authnmethod="RemoteSAML" src="issuer"
> > dest="issuerIDP" required="true" />
> >
> > <attribute authnmethod="RemoteSAML"
> > src="urn:oid:0.9.2342.19200300.100.1.1" dest="schoolName"
> > required="true" />
> >
> > <attribute authnmethod="RemoteSAML" src="schoolName"
> > dest="testschoolName" required="true" />
> >
> > </attributes> </method> </methods> </postauthorization>
> >
> >
> >
> > 2. <attributerelease
> >
> class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory">
> >
> >
> <policy id="asimba-saml-proxy.releasepolicy.1" friendlyname="Default
> Attribute Release policy" enabled="true">
> >
> > <attribute name="givenName" /> <attribute name="cn" /> <attribute
> > name="urn:oid:0.9.2342.19200300.100.1.1" /> <attribute
> > name="urn:oid:0.9.2342.19200300.100.1.3" /> <attribute
> > name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> <attribute
> > name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" /> <attribute
> > name="firstname" /> <attribute name="lastname" /> <attribute
> > name="issuerIDP" /> <attribute name="transientId" /> <attribute
> > name="displayName" /> <attribute name="eduPersonTargetedID" />
> > <attribute name="schoolName" /> <attribute name="testSchoolName"
> > /> <attribute name="*" />
> >
> > </policy> </attributerelease>
> >
> >
> > What do you think?
> >
> >
> > .......................................... Kind regards, Zico Lead
> > Support Engineer Gluu, Inc. http://www.gluu.org/ su...@gl...
> > skype: mailzico schedule your support conf call here:
> > http://gluusupport.youcanbook.me/
> >
>
>
--
Best,
Zico
|
|
From: Zico <mo...@gl...> - 2014-06-24 16:32:50
|
Great. Yes, adding replies in mailing list is necessary. Regarding new attribute configuration, we will check and get back to you with solutions / problems. :P Thanks, Mark! On Jun 24, 2014, at 10:55 AM, Mark Dobrinic <mdo...@co...> wrote: > Hi Zico, > > (cross-posting this to the asimba-users list, as this can also be > considered general advice) > > That is not going to work the way you propose. The extension I made, > is capable of extracting particular AuthenticationContext-attributes > that are set by an Authentication Method. This works for the > RemoteSAML.issuer attribute, but not for the other attributes. > > Instead, the attributes that the IDP provides to Asimba (in an > AttributeStatement of the Assertion) are set to the authenticating > user already (reference: > com.alfaariss.oa.authentication.remote.saml2.profile.sso.WebBrowserSSOProfile > on line 741) > > The next things to do from here, are: > 1) Map the incoming attributename to an outgoing attributename > 2) Define the (mapped) attributename in the Attribute Release Policy > that is applied to this context > > The attribute-mapping for this scenario can be configured in the SAML2 > AuthenticationMethod of asimba.xml, like this: > > <asimba> > ... > <websso> > ... > <authentication> > ... > <methods> > ... > <method class="...SAML2AuthenticationMethod" id="RemoteSAML"> > ... > <attributemapper> > <map ext="urn:oid:0.9.2342.19200300.100.1.1" > int="schoolName" /> > </attributemapper> > </method> > </methods> > </authentication> > </websso> > </asimba> > > > And the Attribute Release Policy should include (at least) the > "schoolName" attribute. > > That should do it I think. > > Let me know whether that works for you! > > Cheers! > > Mark > > > On 23/06/14 23:06, Zico wrote: >> Hi Mark, >> >> I need to configure few custom attributes in Asimba. What might be >> the best practice to do so? >> >> As for example, I need to configure two custom attributes named >> "schoolName" and "testschoolName". Which should be based on "UID" >> and "schoolName" respectively. So, I tried to configure it in this >> way: >> >> 1. >> >> <postauthorization> <methods> <method >> id="AuthnContextToUserAttributesMethod" friendlyname="Add >> AuthenticationContext attributes to User attributes" >> class="org.asimba.custom.postauthz.authncontextattribute.AuthnContextToUserAttributes" >> >> > enabled="true"> >> <attributes> <attribute authnmethod="RemoteSAML" src="issuer" >> dest="issuerIDP" required="true" /> >> >> <attribute authnmethod="RemoteSAML" >> src="urn:oid:0.9.2342.19200300.100.1.1" dest="schoolName" >> required="true" /> >> >> <attribute authnmethod="RemoteSAML" src="schoolName" >> dest="testschoolName" required="true" /> >> >> </attributes> </method> </methods> </postauthorization> >> >> >> >> 2. <attributerelease >> class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory"> >> >> > <policy id="asimba-saml-proxy.releasepolicy.1" friendlyname="Default > Attribute Release policy" enabled="true"> >> >> <attribute name="givenName" /> <attribute name="cn" /> <attribute >> name="urn:oid:0.9.2342.19200300.100.1.1" /> <attribute >> name="urn:oid:0.9.2342.19200300.100.1.3" /> <attribute >> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> <attribute >> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" /> <attribute >> name="firstname" /> <attribute name="lastname" /> <attribute >> name="issuerIDP" /> <attribute name="transientId" /> <attribute >> name="displayName" /> <attribute name="eduPersonTargetedID" /> >> <attribute name="schoolName" /> <attribute name="testSchoolName" >> /> <attribute name="*" /> >> >> </policy> </attributerelease> >> >> >> What do you think? >> >> >> .......................................... Kind regards, Zico Lead >> Support Engineer Gluu, Inc. http://www.gluu.org/ su...@gl... >> skype: mailzico schedule your support conf call here: >> http://gluusupport.youcanbook.me/ >> > .......................................... Kind regards, Zico Lead Support Engineer Gluu, Inc. http://www.gluu.org/ su...@gl... skype: mailzico schedule your support conf call here: http://gluusupport.youcanbook.me/ |
|
From: Mark D. <mdo...@co...> - 2014-06-24 16:09:10
|
Hi Zico,
(cross-posting this to the asimba-users list, as this can also be
considered general advice)
That is not going to work the way you propose. The extension I made,
is capable of extracting particular AuthenticationContext-attributes
that are set by an Authentication Method. This works for the
RemoteSAML.issuer attribute, but not for the other attributes.
Instead, the attributes that the IDP provides to Asimba (in an
AttributeStatement of the Assertion) are set to the authenticating
user already (reference:
com.alfaariss.oa.authentication.remote.saml2.profile.sso.WebBrowserSSOProfile
on line 741)
The next things to do from here, are:
1) Map the incoming attributename to an outgoing attributename
2) Define the (mapped) attributename in the Attribute Release Policy
that is applied to this context
The attribute-mapping for this scenario can be configured in the SAML2
AuthenticationMethod of asimba.xml, like this:
<asimba>
...
<websso>
...
<authentication>
...
<methods>
...
<method class="...SAML2AuthenticationMethod" id="RemoteSAML">
...
<attributemapper>
<map ext="urn:oid:0.9.2342.19200300.100.1.1"
int="schoolName" />
</attributemapper>
</method>
</methods>
</authentication>
</websso>
</asimba>
And the Attribute Release Policy should include (at least) the
"schoolName" attribute.
That should do it I think.
Let me know whether that works for you!
Cheers!
Mark
On 23/06/14 23:06, Zico wrote:
> Hi Mark,
>
> I need to configure few custom attributes in Asimba. What might be
> the best practice to do so?
>
> As for example, I need to configure two custom attributes named
> "schoolName" and "testschoolName". Which should be based on "UID"
> and "schoolName" respectively. So, I tried to configure it in this
> way:
>
> 1.
>
> <postauthorization> <methods> <method
> id="AuthnContextToUserAttributesMethod" friendlyname="Add
> AuthenticationContext attributes to User attributes"
> class="org.asimba.custom.postauthz.authncontextattribute.AuthnContextToUserAttributes"
>
>
enabled="true">
> <attributes> <attribute authnmethod="RemoteSAML" src="issuer"
> dest="issuerIDP" required="true" />
>
> <attribute authnmethod="RemoteSAML"
> src="urn:oid:0.9.2342.19200300.100.1.1" dest="schoolName"
> required="true" />
>
> <attribute authnmethod="RemoteSAML" src="schoolName"
> dest="testschoolName" required="true" />
>
> </attributes> </method> </methods> </postauthorization>
>
>
>
> 2. <attributerelease
> class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory">
>
>
<policy id="asimba-saml-proxy.releasepolicy.1" friendlyname="Default
Attribute Release policy" enabled="true">
>
> <attribute name="givenName" /> <attribute name="cn" /> <attribute
> name="urn:oid:0.9.2342.19200300.100.1.1" /> <attribute
> name="urn:oid:0.9.2342.19200300.100.1.3" /> <attribute
> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> <attribute
> name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" /> <attribute
> name="firstname" /> <attribute name="lastname" /> <attribute
> name="issuerIDP" /> <attribute name="transientId" /> <attribute
> name="displayName" /> <attribute name="eduPersonTargetedID" />
> <attribute name="schoolName" /> <attribute name="testSchoolName"
> /> <attribute name="*" />
>
> </policy> </attributerelease>
>
>
> What do you think?
>
>
> .......................................... Kind regards, Zico Lead
> Support Engineer Gluu, Inc. http://www.gluu.org/ su...@gl...
> skype: mailzico schedule your support conf call here:
> http://gluusupport.youcanbook.me/
>
|
|
From: Mark D. <mdo...@co...> - 2014-04-09 14:16:21
|
Following up the release: There was an update to the release-notes, which is relevant for users that rely on the JDBC SAML2IDP datastore. Updating to Asimba 1.2.0 requires a database modification to be made (new attribute to table) See http://sourceforge.net/p/asimba/wiki/asimba-am-remote-saml2/#per-idp-sso-disable for more information. Apologies ;) Cheers! Mark On 08/04/14 15:34, Mark Dobrinic wrote: > Hi there, > > Asimba 1.2.0 is released today. Here's the release-notes. > > Happy updating ;) > > Cheers! > > Mark > > > Releasenotes for Asimba 1.2.0 > ============================= > Date: April 8th, 2014 > > > Asimba 1.2.0 is mainly a service release, that fixes some existing > issues, but also introduces new functionality for Authentication Profile > selection. There are no breaking changes from the previous 1.1.3.1 > release. Therefore it is strongly advised to upgrade any existing Asimba > 1.1.3.1 to the new 1.2.0 version. > > New features > * The SAML2 IDP profile supports Authentication Profile selection from > the AuthnContextClassRef specifier. > Asimba used to only report the Authentication Profile that was > performed, but can now also responds to an incoming ACCR-specifier. > How to configure this is documented in > https://sourceforge.net/p/asimba/wiki/asimba-idp-profile-saml2/#saml2-web-browser-sso-autentication-context > > > Fixes > * Fixed null condition in logger statement (asimba-engine-crypto: > CryptoManager) > * Enforce supported encoding binding for increased Shibboleth IDP > interoperability (asimba-am-remote, asimba-saml2-utility) > * Fixed initialization in SAML2Confederation (asimba-saml2-utility) > * Fixed issue with MetadataProvider thread management when initial fetch > attempt failed (asimba-saml2-utility) > > > > ------------------------------------------------------------------------------ > Put Bad Developers to Shame > Dominate Development with Jenkins Continuous Integration > Continuously Automate Build, Test & Deployment > Start a new project now. Try Jenkins in the cloud. > http://p.sf.net/sfu/13600_Cloudbees > _______________________________________________ > Asimba-users mailing list > Asi...@li... > https://lists.sourceforge.net/lists/listinfo/asimba-users > |
|
From: Mark D. <mdo...@co...> - 2014-04-08 13:52:45
|
Hi there, Asimba 1.2.0 is released today. Here's the release-notes. Happy updating ;) Cheers! Mark Releasenotes for Asimba 1.2.0 ============================= Date: April 8th, 2014 Asimba 1.2.0 is mainly a service release, that fixes some existing issues, but also introduces new functionality for Authentication Profile selection. There are no breaking changes from the previous 1.1.3.1 release. Therefore it is strongly advised to upgrade any existing Asimba 1.1.3.1 to the new 1.2.0 version. New features * The SAML2 IDP profile supports Authentication Profile selection from the AuthnContextClassRef specifier. Asimba used to only report the Authentication Profile that was performed, but can now also responds to an incoming ACCR-specifier. How to configure this is documented in https://sourceforge.net/p/asimba/wiki/asimba-idp-profile-saml2/#saml2-web-browser-sso-autentication-context Fixes * Fixed null condition in logger statement (asimba-engine-crypto: CryptoManager) * Enforce supported encoding binding for increased Shibboleth IDP interoperability (asimba-am-remote, asimba-saml2-utility) * Fixed initialization in SAML2Confederation (asimba-saml2-utility) * Fixed issue with MetadataProvider thread management when initial fetch attempt failed (asimba-saml2-utility) |
