Force Logout in OneLogin does not send SAML Logout Request - onelogin

I want to do SSO/SLO from my native app. SSO works, but SLO does not.
I have enabled Force Logout with the SAML initiator in the SSO configuration set to both OneLogin and SP, but no SAML LogoutRequest is sent to my SLO endpoint.
SSO worked with either SAML initiator.
Is this expected behaviour?
Is there any way to do SLO with Force Logout?

Related

Azure B2C LogoutRequest Signing

I use Azure AD B2C as a SAML IdP. It works well except for the SingleLogout flow.
When the LogoutRequest from B2C comes to (my app) ITfoxtec, it crashes because this request is not signed.
I can't force Azure AD B2C to sign its requests, and I can't skip signature verification in ITfoxtec. Could you help fix it?
Best regards,
Alexandr Zolotarev
The SAML 2.0 standard requires both the LogoutRequest and the LogoutResponse to be signed. The ITfoxtec Identity SAML package follows the SAML 2.0 standard, and it is therefore not possible to disable the signature check.
If you like, you could download the code and change it to not validate the signature.

How would a request be authenticated by ADFS non-interactively?

There is a requirement in my project to authenticate a user using ADFS at the back end, without user interaction with the ADFS login page. Is there any possible way to achieve it (maybe by certificate authentication only)?
You could use the WS-Fed active profile (à la WCF).
Or, for ADFS 4.0, with OpenID Connect / OAuth you could use the client credentials flow (typically server to server), where authentication is via knowledge of a secret key.
If from a client, use the resource owner password flow.

How to authenticate users to access WebAPI using ADFS SAML token

I'm working on a project with two applications (ASP.NET MVC): WebApp and WebAPI.
WebApp uses ADFS for authentication, so the user enters a username and password to log in to WebApp, which goes to ADFS, and ADFS returns a SAML token to WebApp on successful authentication. My WebApp accesses some WebAPIs internally (the WebAPIs are not secured for now).
Now I have the ADFS SAML token in WebApp and I want to use the same SAML token to access my WebAPIs.
How do I implement this type of authentication in the WebAPI application?

Configure SAML SSO with azure ad b2c and ping one idp

I have an application that uses OAuth to sign users in with my Azure AD B2C tenant. Now I want my app to have a button that links the user to a third-party application from my website, and I want to authenticate that user to the third-party application using SAML, with my Azure B2C tenant acting as IdP and sending SAML to the third party on the user's button click.
Is this scenario possible?
Yes, it is possible. What you mean is SAML as RP.
In the SAML-as-RP case:
B2C acts as IdP
B2C accepts SAML requests
B2C sends SAML assertions as output
I can help you if you get stuck anywhere...
Yes you can do this with B2C custom policies.
Your logon page will now have two buttons:
Normal B2C auth
SAML auth to third party

OAuth and SSO capability

I have been reading about OAuth, and found that it roughly performs the following:
- client sends a request token during the redirect to the server
- server displays an authorization screen to the resource owner
- resource owner provides uid and pw (not passed to the client)
- server sends an access token back to the client
- client then uses the access token to gain access to a resource
Based on my reading it does not appear that OAuth enables SSO or federation, but some blogs imply it does perform SSO.
Is this correct or incorrect? Can it perform SSO without the help of other protocols?
Thanks
Yes, it supports SSO with this flow.
We have 2 applications, A and B.
The user wants to access application A.
He is redirected to the identity provider (IdP).
He logs in with his credentials.
The IdP issues an OAuth token and a cookie.
The client now adds the OAuth token to the request for app A and is authorized.
When the client wants to access application B he is again redirected to the IdP.
In this call to the IdP, the cookie that the IdP had returned in the flow with app A is added.
Because of this the IdP immediately returns a token for app B; the client does not have to log in again.
The client can now access app B with the newly created token.
Hope this example flow makes it more clear.
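The flow in the answer above, as an added, self-contained simulation (not code from the original post or from any real IdP): an IdP that issues a session cookie on interactive login, then hands out audience-bound tokens for app A and app B against that cookie without a second login. User names, passwords, app ids and the class/method names are constructed for the demo.

```python
import hmac
import secrets
import time


class IdP:
    """Minimal identity provider: one browser session cookie, many app tokens."""

    def __init__(self, users, apps, session_ttl=3600, token_ttl=300):
        self.users = users            # username -> password (plain text only for this demo)
        self.apps = apps              # set of registered client ids
        self.session_ttl = session_ttl
        self.token_ttl = token_ttl
        self.sessions = {}            # cookie -> (username, expiry)
        self.tokens = {}              # token -> (username, audience, expiry)

    def login(self, username, password):
        """Interactive login page: returns the IdP session cookie, or None on failure."""
        expected = self.users.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = (username, time.time() + self.session_ttl)
        return cookie

    def authorize(self, client_id, cookie=None):
        """Authorization request from an app. A valid, unexpired session cookie
        yields a token bound to that app; None means 'show the login page'."""
        if client_id not in self.apps:
            raise ValueError("unknown client_id")
        sess = self.sessions.get(cookie)
        if sess is None or sess[1] < time.time():
            self.sessions.pop(cookie, None)  # drop expired sessions
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (sess[0], client_id, time.time() + self.token_ttl)
        return token

    def validate(self, token, client_id):
        """Resource-side check: token must exist, be unexpired and be issued
        for this audience. Returns the username or None."""
        rec = self.tokens.get(token)
        if rec is None or rec[2] < time.time() or rec[1] != client_id:
            return None
        return rec[0]


def sso_flow():
    """Run the two-app flow: login once, get tokens for app-a and app-b."""
    idp = IdP({"alice": "correct horse"}, {"app-a", "app-b"})
    first_try = idp.authorize("app-a")            # no cookie yet -> login page
    cookie = idp.login("alice", "correct horse")  # interactive login happens once
    token_a = idp.authorize("app-a", cookie)      # token for app A
    token_b = idp.authorize("app-b", cookie)      # cookie reused, no second login
    return {"idp": idp, "first_try": first_try, "cookie": cookie,
            "token_a": token_a, "token_b": token_b}
```

The token for app A is rejected by app B on purpose: the cookie carries the SSO session, while each token is bound to a single audience.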
