Friday 15 July 2011

java - SSO using SAML 2.0 in OpenSAML


We have 4 apps and we want to implement SSO across these applications. I have many doubts; we were advised to use OpenSAML to do this. Question 1:

The user name and password entered by the user are sent by the client (the front-end) to the middleware, and the middleware then sends this information to the SSO server. In this case, is the user a principal? Is the middleware a service provider? Is the SSO server an identity provider? Question 2:

Now, when a user logs in to an application, we must connect to the identity provider to start the SSO. What parameters are mandatory in what we send to the SSO server?

Question 3:

After receiving the response from the SSO server, should we keep the intermediate token for future reference?

Question 4:

Now if the same user hits another application, it should be recognised that they are already signed on via SSO. How is this recognised? Does the middleware hit the SSO server for them?

Please solve the above questions.

1) Yes, the 'middleware' you describe is a service provider and the 'SSO server' is the identity provider.

2) When the user tries to access a protected resource on the service provider, the browser is redirected to the identity provider, which prompts for the user's login details if the browser does not already have an active session with the identity provider.

The browser is then redirected back to the service provider's URL carrying the SAML response. After validating the SAML response, the service provider redirects to the protected resource.

Once the user is authenticated, the service provider can maintain its own session rather than redirecting every request to the identity provider.

3) Service providers (your middleware) generally do not retain the SAML response from the identity provider; instead they set up their own session, for example in .NET this can be done through Forms Authentication.

4) When the user tries to use another service provider, the browser is sent to the identity provider. Since the user already has an active session there, the identity provider redirects the browser straight back to the service provider with a SAML response. The service provider then redirects to the protected resource and optionally creates its own session.

This is transparent to the user, and they are effectively logged in to the other service providers.

Also, which development platform are you using? If you are using .NET or Java, I can recommend an open source library. It includes working examples of both a service provider and an identity provider so that you can see how things fit together.
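The flow in this answer (SP-initiated Web Browser SSO: redirect to the IdP, login only when no IdP session exists, a SAML Response to the service provider's assertion consumer service, the service provider keeping its own session, and a second service provider getting no login prompt) as an added, runnable walkthrough. This is not code from the original post and not the OpenSAML API: it is a Python simulation in which the IdP's XML Signature is replaced by an HMAC over the serialised Assertion so it runs offline, and the entity IDs, URLs, the user "alice" and the password are constructed sample data. The service-provider side also performs the checks a real assertion consumer must make before trusting a Response: issuer signature, InResponseTo matching a request it actually sent (consumed once, so a replay fails), Recipient, validity window and Audience.

```python
"""Simulated SAML 2.0 Web Browser SSO (SP-initiated), constructed for illustration.
Not OpenSAML: messages are minimal ElementTree documents and the XML-DSig is
replaced by an HMAC over the serialised <Assertion> so the example runs offline."""
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")  # fixed width, so strings compare chronologically


def now_ts():
    return ts(datetime.now(timezone.utc))


def sign(key, elem):
    # Stand-in for an enveloped XML-DSig: HMAC over the element's serialisation (assumption).
    return hmac.new(key, ET.tostring(elem), hashlib.sha256).hexdigest()


class IdentityProvider:
    """The 'SSO server' (question 1): owns the credentials and the IdP-side session."""

    def __init__(self, entity_id, key):
        self.entity_id, self.key = entity_id, key
        self.users = {"alice": "correct horse"}  # constructed sample user
        self.sessions = {}  # IdP cookie -> username
        self.prompts = 0  # how many times the login form was shown

    def handle_authn_request(self, request_xml, idp_cookie, credentials=None):
        """Returns (response_xml, idp_cookie). Prompts only when no IdP session exists."""
        req = ET.fromstring(request_xml)
        if req.tag != f"{{{SAMLP}}}AuthnRequest":
            raise ValueError("not an AuthnRequest")
        user = self.sessions.get(idp_cookie)
        if user is None:  # no active IdP session: show the login form (question 2)
            if credentials is None:
                self.prompts += 1
                raise PermissionError("login required")
            name, password = credentials
            if not hmac.compare_digest(self.users.get(name, ""), password):
                raise PermissionError("bad credentials")
            user, idp_cookie = name, secrets.token_hex(16)
            self.sessions[idp_cookie] = user
        return self._build_response(req, req.findtext(f"{{{SAML}}}Issuer"), user), idp_cookie

    def _build_response(self, req, sp_entity_id, user):
        issued = datetime.now(timezone.utc)
        expiry = ts(issued + timedelta(minutes=5))
        a = ET.Element(f"{{{SAML}}}Assertion", ID="_" + secrets.token_hex(16),
                       IssueInstant=ts(issued), Version="2.0")
        ET.SubElement(a, f"{{{SAML}}}Issuer").text = self.entity_id
        subject = ET.SubElement(a, f"{{{SAML}}}Subject")
        ET.SubElement(subject, f"{{{SAML}}}NameID").text = user
        sc = ET.SubElement(subject, f"{{{SAML}}}SubjectConfirmation", Method=BEARER)
        ET.SubElement(sc, f"{{{SAML}}}SubjectConfirmationData", InResponseTo=req.get("ID"),
                      Recipient=req.get("AssertionConsumerServiceURL"), NotOnOrAfter=expiry)
        cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotBefore=ts(issued), NotOnOrAfter=expiry)
        ar = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
        ET.SubElement(ar, f"{{{SAML}}}Audience").text = sp_entity_id
        resp = ET.Element(f"{{{SAMLP}}}Response", ID="_" + secrets.token_hex(16), Version="2.0",
                          InResponseTo=req.get("ID"), Destination=req.get("AssertionConsumerServiceURL"))
        ET.SubElement(ET.SubElement(resp, f"{{{SAMLP}}}Status"), f"{{{SAMLP}}}StatusCode", Value=SUCCESS)
        ET.SubElement(resp, "Signature").text = sign(self.key, a)  # stand-in signature element
        resp.append(a)
        return ET.tostring(resp)


class ServiceProvider:
    """The 'middleware' (question 1). Keeps its own session, not the Response (question 3)."""

    def __init__(self, entity_id, acs_url, idp_key):
        self.entity_id, self.acs_url, self.idp_key = entity_id, acs_url, idp_key
        self.pending = {}  # AuthnRequest ID -> issue time; consumed once by the matching Response
        self.sessions = {}  # SP cookie -> username

    def build_authn_request(self, idp_sso_url):
        req_id = "_" + secrets.token_hex(16)
        self.pending[req_id] = now_ts()
        req = ET.Element(f"{{{SAMLP}}}AuthnRequest", ID=req_id, Version="2.0", IssueInstant=now_ts(),
                         Destination=idp_sso_url, AssertionConsumerServiceURL=self.acs_url)
        ET.SubElement(req, f"{{{SAML}}}Issuer").text = self.entity_id
        return ET.tostring(req)

    def consume_response(self, response_xml):
        """Assertion Consumer Service: validate the Response, then mint an SP session cookie."""
        resp = ET.fromstring(response_xml)
        if resp.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode").get("Value") != SUCCESS:
            raise PermissionError("IdP reported failure")
        a = resp.find(f"{{{SAML}}}Assertion")
        if not hmac.compare_digest(resp.findtext("Signature") or "", sign(self.idp_key, a)):
            raise PermissionError("bad signature")
        scd = a.find(f"{{{SAML}}}Subject/{{{SAML}}}SubjectConfirmation/{{{SAML}}}SubjectConfirmationData")
        if self.pending.pop(scd.get("InResponseTo"), None) is None:
            raise PermissionError("unsolicited or replayed assertion")
        if scd.get("Recipient") != self.acs_url:
            raise PermissionError("assertion not addressed to this ACS URL")
        cond = a.find(f"{{{SAML}}}Conditions")
        if not cond.get("NotBefore") <= now_ts() < cond.get("NotOnOrAfter"):
            raise PermissionError("assertion outside its validity window")
        if cond.findtext(f"{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience") != self.entity_id:
            raise PermissionError("assertion issued for a different service provider")
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = a.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
        return cookie


def sso_walkthrough():
    """Questions 2-4 end to end; returns the facts worth checking."""
    key = secrets.token_bytes(32)  # shared HMAC key stands in for the IdP signing certificate
    idp = IdentityProvider("https://idp.example.com", key)
    app1 = ServiceProvider("https://app1.example.com", "https://app1.example.com/saml/acs", key)
    app2 = ServiceProvider("https://app2.example.com", "https://app2.example.com/saml/acs", key)
    idp_cookie = None  # the browser has no IdP session yet
    req1 = app1.build_authn_request("https://idp.example.com/sso")
    try:
        idp.handle_authn_request(req1, idp_cookie)  # first app: login form is shown
    except PermissionError:
        pass
    resp1, idp_cookie = idp.handle_authn_request(req1, idp_cookie, ("alice", "correct horse"))
    cookie1 = app1.consume_response(resp1)
    req2 = app2.build_authn_request("https://idp.example.com/sso")
    resp2, idp_cookie = idp.handle_authn_request(req2, idp_cookie)  # IdP session exists: no prompt
    cookie2 = app2.consume_response(resp2)
    try:
        app2.consume_response(resp2)  # replay: InResponseTo already consumed
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return {"app1_user": app1.sessions[cookie1], "app2_user": app2.sessions[cookie2],
            "login_prompts": idp.prompts, "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(sso_walkthrough())
```

Running the module prints one login prompt for two applications, both with a session for "alice", and a rejected replay. The `pending` map is the part most often left out in home-grown SP code: without it an attacker who captures a Response can post it to the ACS at will, and without the Audience and Recipient checks an assertion issued for one of your four apps would be accepted by the other three.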
