Typical SSO with SAML is something called Web SSO Profile. There are many products supporting this on the market for example OpenAM, Shibboleth, OpenSAML and Oracle Identity Federation. The specific configuration is dependant on what product you choose to use. A working example of OpenSAML that I use in my book is availible here. On … Read more
Typically, the intent of the artifact binding is to reduce the flow of SAML messages through the browser itself. This could be due to browser restrictions (browsers that have limits on query string / POST payload size) or no support for JavaScript (for auto-submitted forms), or even to improve the security model of how the … Read more
I recently went through the same thought process: having never heard of SAML, I needed to enable a web application to authenticate via SAML with OneLogin as the identity provider (instead of Active Directory). During implementation, I made heavy use of OneLogin’s documentation and the passport-saml library, both of which I recommend, though I’m not … Read more
The original meaning of RelayState is that the SP can send some value to the IDP together with the AuthnRequest and then get it back. The SP can put whatever value it wants in the RelayState and the IDP should just echo it back in the response. This RelayState parameter is meant to be an … Read more