[Question] - describe interactions with IDP #7

Open
dazinator opened this issue Jul 29, 2019 · 3 comments
Labels
enhancement New feature or request

Comments

dazinator commented Jul 29, 2019

Kudos for creating this project.

Apologies if this request seems unreasonable!
Is it possible you would be able to provide a rough description (perhaps a wiki page?) of the interactions that take place when you click the "saml2" login button on the website - in terms of HTTP requests / responses / redirects? For example, does the server make a synchronous request to sustainsys and await a response with the assertion (I am guessing not..)? I'm just wondering how sustainsys is able to post the assertion back to the site that is running on localhost - or does this happen with a cookie / URL parameter that it sets and then does response redirect from sustainsys back to localhost?

In addition to that, a description of anything that is stored in temporary session / state whilst the process is ongoing (i.e. if anything is cached in memory or on disk - so we know if the process doesn't complete, what happens to this state - does it expire from the cache etc?)

P.S. Many thanks for creating this, it looks awesome. I'm only experimenting with SAML at this stage (I have an OAuth background and now a user story has appeared on my company's backlog involving SAML so I thought I'd get a head start on some research!)

Owner

jkmu commented Jul 29, 2019

Your request is quite reasonable!

The middleware follows saml2 specs, so for the time being you can check what it says about the interactions between a service provider and an identity provider for the different bindings.

I agree that it would be helpful with a wiki page that describes the inner workings of the middleware. I will look into that after summer vacations :)

jkmu added the enhancement (New feature or request) label Jul 29, 2019
Owner

jkmu commented Jul 29, 2019

As per your question. The middleware (sp) doesn't do any synchronous requests to the idp except for the Artifact Binding when resolving the SAMLAssertion from the received artifact. Every other communication with the idp goes through your browser. That is why the idp can redirect back to your localhost url.
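
The browser-carried exchange described in the comment above, sketched from the SAML 2.0 HTTP-Redirect and HTTP-POST bindings as an added example; it is not part of the thread and not the middleware's own code. The URLs, the in-memory `PENDING` store and its 300-second lifetime are assumptions, and signing and signature validation are left out.

```python
import base64, time, uuid, zlib
import xml.etree.ElementTree as ET
from html import escape
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PENDING = {}         # request ID -> expiry (hypothetical in-memory SP state)
TTL_SECONDS = 300    # assumed lifetime of an unanswered request

def sp_build_redirect(idp_sso_url, acs_url, relay_state, now=None):
    """SP: build the 302 Location that sends the browser to the IdP."""
    req_id = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" '
           f'Version="2.0" AssertionConsumerServiceURL="{escape(acs_url)}"/>')
    deflater = zlib.compressobj(wbits=-15)   # raw DEFLATE, as the binding requires
    packed = deflater.compress(xml.encode()) + deflater.flush()
    PENDING[req_id] = (time.time() if now is None else now) + TTL_SECONDS
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode(),
                       "RelayState": relay_state})
    return req_id, f"{idp_sso_url}?{query}"

def idp_read_request(location):
    """IdP: decode what the browser delivered in the query string."""
    qs = parse_qs(urlparse(location).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(xml)
    return root.get("ID"), root.get("AssertionConsumerServiceURL"), qs["RelayState"][0]

def idp_post_form(acs_url, in_response_to, relay_state):
    """IdP: page whose form the browser submits to the SP's ACS URL."""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
           f'InResponseTo="{in_response_to}"/>')   # unsigned, no assertion
    b64 = base64.b64encode(xml.encode()).decode()
    return (f'<form method="post" action="{escape(acs_url)}">'
            f'<input type="hidden" name="SAMLResponse" value="{b64}"/>'
            f'<input type="hidden" name="RelayState" value="{escape(relay_state)}"/>'
            f'</form>')

def sp_accept(saml_response_b64, now=None):
    """SP: match the posted response to a pending, unexpired request.
    A real SP also validates signature, issuer, audience and conditions."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    expiry = PENDING.pop(root.get("InResponseTo"), None)   # single use
    return expiry is not None and (time.time() if now is None else now) <= expiry
```

Because the form is submitted by the user's own browser, the ACS URL only has to be reachable from that browser, which is why a `localhost` address works; a request that is never answered simply ages out of the pending store.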

@zeinabkamel

Can I ask about a tool to generate a SAML response on localhost, or, if I build my own identity provider, how can I build a SAML response?
@jkmu
