SAML and encryption

Posted on 2014-08-04
Last Modified: 2014-08-05
I have been reading about SAML.  I have one question

From what I understand, the identity provider is contacted by the web service to verify the username and pw.  Does this mean that the user sends the username and pw to the web service.  Does this actually go through the wire?  Would this data be encrypted ?

Question by:Anthony Lucia
    1 Comment
    LVL 30

    Accepted Solution

    I have done a SAML implementation with WSO2 as the Identity provider/ server. In that, our application sends a SAML request to WSO2 in an encoded manner using URL redirect on the browser - so its like a POST request going from your application to WSO2 on the browser, and then WSO2 throws up its login page. You enter the credentials on WSO2's login page only; it verifies the details and then redirects back to your application with an encoded SAML response via POST on the browser itself. Once your application receives the SAML response, you can decode it to receive the user ID of the logged in user and do your Java stuff (put the user in the HttpSession, etc).

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now