ComponentSpace

Forums



Authorization implementation - The basics


Authorization implementation - The basics

Author
Message
yturgeon
yturgeon
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 16
Hi there,

I'm currently evaluating ComponentSpace SAML for implementing an IdP. Very pleased with the straight forward SSO integration. Now I have to setup an AuthzDecisionQuery fonctionnality and I'm getting a hard time doing it.

Here is the way I understand this, high-level:
1- SP will send an AuthzDecisionQuery to my ACS url
2- I will respond with a SAMLResponse that includes an AuthzDecisionStatement assertion

My questions:
1- Is that correct?
2- Is there an example of that somewhere?
3- If no example, do I have to fill manualy every field of the SAML response or if there is a way to make it prefilled, based on the SP request who is asking the AuthzDecisionQuery? Similar to SAMLIdentityProvider.SendSSO() who pre-fill all the data possible based on the request received.

Don't assume that I understand well SAML. I'm beginning to work with it. Same thing with your SAML component.

Yannick


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Yannick,

The Assertion Query/Request profile, which includes the AuthzDecisionQuery, is not commonly used. We support it but through our SAML low-level API only.

In response to your questions:

1. Yes. For more information, I suggest taking a look at the "Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0" specification.

2. I'm afraid we don't have a specific example of this. I suggest taking a look at our SAML2IdentityProvider example project under the LowLevelAPI folder. The SSOService.aspx page includes a CreateSAMLResponse method that demonstrates constructing a SAML response using the low-level API.

3. You would have to construct the SAML response yourself using the low-level API.

We're happy to assist you getting this working. You're welcome to contact us at [email protected].

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search