SP side Http session time-out period
by Adam Dong
Hi,
If I used ServiceProviderAuthenticator as my SP side, once a valid assertion comes back from IDP, and SP checked the assertion and created the local HttpSession (it is an HttpSession, right?), what is that session's time-out period? Is it configurable?
Thanks,
Adam
9 years, 12 months
Re: [security-dev] The relationship between sp-metadata.xml and picketlink.xml
by Adam Dong
Any comments on my questions?
-----Original Message-----
From: Adam Dong
Sent: Thursday, November 20, 2014 11:12 PM
To: 'security-dev(a)lists.jboss.org'
Subject: The relationship between sp-metadata.xml and picketlink.xml
Hi,
In the quickstart example on SP with metadata, the sp-metadata.xml didn't include signing key info for SP/IDP. If the signing key info is included in sp-metadata.xml for SP and IDP entity descriptors, could picketlink code recognize that? If yes, could I then do away with <Auth Key=... Value=...> and <ValidatingAlias Key=... Value=...> under <KeyProvider> in picketlink.xml?
In other words, could we use picketlink.xml just for specifying handlers, and not for key info, at least not for validating key because validating key would be included under IDPEntityDescriptor in sp-metadata.xml?
Is there any document to describe the relationship of these two files? What if these two files have conflicting info, then which one takes precedence?
Normally a standard-based IDP metadata is delivered in a file to SP side (and a standard-based SP metadata is delivered to IDP side), we prefer to take that file as a whole for SP to feed on it, instead of having to manually modify picketlink.xml.
Please shed some light on picketlink's capability with standard metadata and how to reconcile metadata and picketlink.xml.
Thanks,
Adam
9 years, 12 months
The relationship between sp-metadata.xml and picketlink.xml
by Adam Dong
Hi,
In the quickstart example on SP with metadata, the sp-metadata.xml didn't include signing key info for SP/IDP. If the signing key info is included in sp-metadata.xml for SP and IDP entity descriptors, could picketlink code recognize that? If yes, could I then do away with <Auth Key=... Value=...> and <ValidatingAlias Key=... Value=...> under <KeyProvider> in picketlink.xml?
In other words, could we use picketlink.xml just for specifying handlers, and not for key info, at least not for validating key because validating key would be included under IDPEntityDescriptor in sp-metadata.xml?
Is there any document to describe the relationship of these two files? What if these two files have conflicting info, then which one takes precedence?
Normally a standard-based IDP metadata is delivered in a file to SP side (and a standard-based SP metadata is delivered to IDP side), we prefer to take that file as a whole for SP to feed on it, instead of having to manually modify picketlink.xml.
Please shed some light on picketlink's capability with standard metadata and how to reconcile metadata and picketlink.xml.
Thanks,
Adam
10 years
Need PB 4.0.21.Final for 8.2
by Jason Greene
Hey guys,
Can you do a 4.0.21.Final at your earliest convenience? We need final versions before we can release 8.2. Thanks!
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
10 years
Picketlink integration with IDM
by Snhp
Hi All,
Can someone share examples on Picketlink integration with IDM (Red Hat)?
I am trying to configure IDM instead of LDAP/Database.
Sent from my iPad
10 years
Re: [security-dev] How to config SP to talk to multiple IDPs
by Adam Dong
A related question, could ServiceProviderAuthenticator be configured to load multiple IDP metadata files (I do see the quick start example of loading one IDP's metadata in one file)? Or multiple IDPs' metadata in one file?
Thanks,
Adam
-----Original Message-----
From: Adam Dong
Sent: Friday, October 31, 2014 12:40 PM
To: 'security-dev(a)lists.jboss.org'
Subject: How to config SP to talk to multiple IDPs
Hi,
How to configure ServiceProviderAuthenticator to multiplex among multiple IDPs depending on some request parameter (a flag to indicate which IDP to talk to)? Note that I am NOT talking about IDP discovery where I have to set up a common domain.
When can we expect SPFilter to be updated up to the level of ServiceProviderAuthenticator?
Thanks,
Adam
10 years