authentication - Configure Okta to Mediate between our SP Application and IdP -


we service provider has saml enabled our app allow idps authenticate users us. make sure on same page

  • identity provider (idp) application job authenticate users
  • service provider (sp) end application federates identities , authentication idp
  • saml protocol allowing idps make trustworthy identity assertions sps. using saml 2.0 (http://en.wikipedia.org/wiki/saml_2.0)

more information on federated identity here: http://developer.okta.com/docs/guides/saml_guidance.html

we using okta idp, have run situation need integrate separate idp. have our app communicate okta , have okta deal talking separate idp , validating assertions. due our particular use case, our app knows underlying idp should used, no need idp discovery.

we configure okta authentication flow follows:

  1. our app redirects user endpoint in okta indicating use underlying idp authentication

  2. okta , underlying idp whatever necessary authenticate user , validate authentication

  3. our app gets single response (via http-post) our acs endpoint authenticating user, signed okta

from end user perspective, navigate service-provider.com, redirected through okta underlying-idp.com, perform necessary authentication, , redirected service-provider.com. end user unaware of middle okta layer, possible exception of okta url briefly appearing in browser address bar during redirects.

so far, have been able set inbound saml in our okta instance users can authenticated in okta via underlying idp. have our app redirect endpoint given in inbound saml configuration page samlrequest, brings users okta dashboard since link authenticating users in okta, not authenticate users sp using okta. see our relevant configuration:

how can configure okta our use case possible? ideally, okta serve middleman or mediator, checking , passing along saml requests/assertions. specifically, don’t need these users authenticated okta users necessarily; need okta assert user based on underlying idp’s assertion.

kinda sounds need idp discovery capability okta has on roadmap later year combined inbound saml setup relationships other idp. believe it's possible sort of implement custom login page. they've mentioned doing professional services, i'd feel lot better when they've built idp discovery platform.


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more