PingFederate

Federation Lab : Automated SAML 2.0 SP Compliance Testing

I've started working on an automated testing tool for validating behaviour of SAML 2.0 Service Provider implementations and deployments.

I've just started the work, and a public test user interface will be available later. For now, enjoy this video teaser...

[Video: Federation Lab preview, /files/fedlab_preview-Computer.m4v (poster image /files/fedlab_preview.jpg)]

I spent quite some effort on making this video playable in all modern browsers and on Apple iProducts, while using HTML5 at the same time. If you are not able to play the video, please let me know...

Learning more about PingFederate

Andrew Hindle from Ping Identity was so kind as to drop by our office to demonstrate how PingFederate works. We are of course eager to learn all there is to learn about the commercial SAML 2.0 software out there.

PingFederate seems to be easy to set up. It comes with a self-contained application server and runs on a small set of platforms. One year of support is included. If you for some reason want to pay for your SAML 2.0 software, this seems to be an OK choice.

PingFederate comes with an auto-configuration tool called auto-connect. It seems to be useless for us, as it requires the e-mail address NameID format. At the same time, it is meant to be used in Ping-only environments.

We have some people who are testing out PingFederate, and hopefully we can publish a short guide on how to connect PingFederate as a SAML 2.0 SP to Feide, for those interested.

PingFederate SAML 2.0 Authentication Response

<Response InResponseTo="_78b579d14708bf36642f1375f6ecc9642199b6bfdc"
    IssueInstant="2008-06-03T09:46:55.934Z" ID="Vzf4L8F_PaZ-JOy4cpgijVTu0I_" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
    <Status>
        <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </Status>
    <saml:Assertion Version="2.0" IssueInstant="2008-06-03T09:46:55.947Z"
        ID="G4t1o38BoKjogdlV9AYnC7wDcOL">
        <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
        <ds:Signature>
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#G4t1o38BoKjogdlV9AYnC7wDcOL">
                    <ds:Transforms>
                        <ds:Transform
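As an added example (not code from this page, from Ping Identity or from Feide), here are the structural checks an SP should make on a Response of the shape above before, and on top of, cryptographic verification of the XML signature: InResponseTo matches a request ID this SP actually issued, the status is Success, the Issuer is the expected IdP, there is exactly one Assertion, the signature's Reference URI points at that Assertion's own ID (so a signature over some other element cannot be taken as covering it), the enveloped-signature transform and exclusive canonicalization are used, and the signature algorithm is not SHA-1 based, as the rsa-sha1 in the response above is. The sample Response is constructed from the excerpt above with placeholder DigestValue and SignatureValue, so the signature itself cannot be verified here; that step still has to be done with an XML-DSig library against the key from the IdP's metadata, and time-window checks on Conditions and SubjectConfirmationData are left out.

```python
"""Structural checks an SP should run on a SAML 2.0 Response before (and on
top of) cryptographic verification of the XML signature.  Added example; the
sample below is constructed from the response excerpt on this page with
placeholder digest and signature values."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EXC_C14N = {"http://www.w3.org/2001/10/xml-exc-c14n#",
            "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"}
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
# SHA-1 based signature algorithms; the response above uses rsa-sha1.
WEAK_SIG_ALGS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                 "http://www.w3.org/2000/09/xmldsig#dsa-sha1"}

SAMPLE_REQUEST_ID = "_78b579d14708bf36642f1375f6ecc9642199b6bfdc"
SAMPLE_IDP = "edugain.showcase.surfnet.nl"
# Constructed from the excerpt above; DigestValue/SignatureValue are placeholders.
SAMPLE_RESPONSE = """<Response InResponseTo="_78b579d14708bf36642f1375f6ecc9642199b6bfdc"
    IssueInstant="2008-06-03T09:46:55.934Z" ID="Vzf4L8F_PaZ-JOy4cpgijVTu0I_" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
  <Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
  <saml:Assertion Version="2.0" IssueInstant="2008-06-03T09:46:55.947Z" ID="G4t1o38BoKjogdlV9AYnC7wDcOL">
    <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#G4t1o38BoKjogdlV9AYnC7wDcOL">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</Response>"""


def check_response(xml_text, expected_request_id, expected_issuer):
    """Return a list of findings; an empty list means every structural check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    if root.get("Version") != "2.0":
        findings.append("Response Version is not 2.0")
    # Bind the response to a request this SP sent (rejects replays and unsolicited responses).
    if root.get("InResponseTo") != expected_request_id:
        findings.append("InResponseTo %r does not match outstanding request %r"
                        % (root.get("InResponseTo"), expected_request_id))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        findings.append("StatusCode is not Success")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        findings.append("Response Issuer %r is not the expected IdP %r" % (issuer, expected_issuer))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        findings.append("expected exactly one Assertion, found %d" % len(assertions))
        return findings
    assertion = assertions[0]
    if assertion.findtext("saml:Issuer", namespaces=NS) != issuer:
        findings.append("Assertion Issuer differs from Response Issuer")
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        findings.append("Assertion is not signed")
        return findings
    c14n = sig.find("ds:SignedInfo/ds:CanonicalizationMethod", NS)
    if c14n is None or c14n.get("Algorithm") not in EXC_C14N:
        findings.append("CanonicalizationMethod is not exclusive C14N")
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    alg = method.get("Algorithm") if method is not None else None
    if alg is None:
        findings.append("SignatureMethod missing")
    elif alg in WEAK_SIG_ALGS:
        findings.append("weak signature algorithm %s (require rsa-sha256 or stronger)" % alg)
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        findings.append("expected exactly one ds:Reference, found %d" % len(refs))
    else:
        uri = refs[0].get("URI", "")
        # The signature must cover the Assertion itself, not some other element in the document.
        if uri != "#" + assertion.get("ID", ""):
            findings.append("signature Reference URI %r does not point at Assertion ID %r"
                            % (uri, assertion.get("ID")))
        transforms = [t.get("Algorithm") for t in refs[0].findall("ds:Transforms/ds:Transform", NS)]
        if ENVELOPED not in transforms:
            findings.append("enveloped-signature transform missing")
    # An ID reference must resolve to exactly one element; duplicate IDs are how wrapped content sneaks in.
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        findings.append("duplicate ID attributes in document")
    return findings


if __name__ == "__main__":
    for line in check_response(SAMPLE_RESPONSE, SAMPLE_REQUEST_ID, SAMPLE_IDP) or ["all structural checks passed"]:
        print(line)
```

Run against the constructed sample, the only finding is the rsa-sha1 signature algorithm; swapping the Reference URI for the Response's own ID, or changing the request ID the SP expects, each produces an additional finding.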

Ping Federate SAML 2.0 AuthNRequest

<AuthnRequest Destination="http://idp.ssocircle.com:80/sso/SSORedirect/metaAlias/ssocircle"
    IssueInstant="2008-05-28T20:12:35.971Z" 
    ID="xc6YVsq0cxOWkwdDqQwqCIMmHSu" Version="2.0" 
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
  <NameIDPolicy AllowCreate="true"/>
</AuthnRequest>
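Added example, not Federation Lab's code and not PingFederate's: the kind of automated check an SP compliance test like the Federation Lab tool announced above might run on an SP-issued AuthnRequest, applied to the request above, together with a minimal builder that emits a request of the same shape. The five-minute skew window, the 22-character minimum for the ID (a rough stand-in for the specification's requirement of 128 bits of randomness) and the https requirement on Destination are this example's own assumptions; the request above passes everything except the plain-http Destination.

```python
"""Compliance checks for an SP-issued SAML 2.0 AuthnRequest, plus a builder
that produces one of the same shape.  Added example; thresholds are assumptions."""
import re
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

ID_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")  # ASCII subset of xs:ID (NCName)
MIN_ID_LEN = 22                                    # assumed proxy for ~128 bits of randomness
MAX_SKEW = timedelta(minutes=5)                    # assumed acceptable clock skew

# The request from this page, copied verbatim; the "now" is constructed to lie a few seconds after it.
SAMPLE_AUTHNREQUEST = """<AuthnRequest Destination="http://idp.ssocircle.com:80/sso/SSORedirect/metaAlias/ssocircle"
    IssueInstant="2008-05-28T20:12:35.971Z"
    ID="xc6YVsq0cxOWkwdDqQwqCIMmHSu" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>edugain.showcase.surfnet.nl</saml:Issuer>
  <NameIDPolicy AllowCreate="true"/>
</AuthnRequest>"""
SAMPLE_NOW = datetime(2008, 5, 28, 20, 12, 40, tzinfo=timezone.utc)


def parse_instant(value):
    """SAML dateTime values must be UTC ('Z'); fractional seconds are optional."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def check_authnrequest(xml_text, now):
    """Return a list of findings for an AuthnRequest received at time `now`."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return ["root element is not samlp:AuthnRequest"]
    if root.get("Version") != "2.0":
        findings.append("Version must be 2.0")
    rid = root.get("ID", "")
    if not ID_RE.match(rid):
        findings.append("ID %r is not a valid xs:ID" % rid)
    elif len(rid) < MIN_ID_LEN:
        findings.append("ID %r looks too short to be unpredictable" % rid)
    issued = parse_instant(root.get("IssueInstant", ""))
    if issued is None:
        findings.append("IssueInstant missing or not a UTC xs:dateTime")
    elif abs(now - issued) > MAX_SKEW:
        findings.append("IssueInstant %s is outside the %s skew window" % (root.get("IssueInstant"), MAX_SKEW))
    dest = root.get("Destination")
    if dest is None:
        # Optional in Core, but required by the HTTP bindings when the message is signed.
        findings.append("Destination missing")
    elif urlsplit(dest).scheme != "https":
        findings.append("Destination is not https: %s" % dest)
    if not (root.findtext("saml:Issuer", namespaces=NS) or "").strip():
        findings.append("saml:Issuer missing or empty")
    policy = root.find("samlp:NameIDPolicy", NS)
    fmt = policy.get("Format") if policy is not None else None
    if fmt and not fmt.startswith("urn:oasis:names:tc:SAML:"):
        findings.append("NameIDPolicy Format %r is not a SAML URN" % fmt)
    return findings


def build_authnrequest(issuer, destination, now, request_id=None):
    """Build a minimal AuthnRequest of the shape shown above (random 160-bit ID unless given)."""
    req = ET.Element("{%s}AuthnRequest" % SAMLP, {
        "ID": request_id or "_" + secrets.token_hex(20),
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
        "Destination": destination,
    })
    ET.SubElement(req, "{%s}Issuer" % SAML).text = issuer
    ET.SubElement(req, "{%s}NameIDPolicy" % SAMLP, {"AllowCreate": "true"})
    return ET.tostring(req, encoding="unicode")


if __name__ == "__main__":
    for line in check_authnrequest(SAMPLE_AUTHNREQUEST, SAMPLE_NOW) or ["no findings"]:
        print(line)
```

A real compliance harness would also check the request against the SP's own metadata (the Issuer must be its entityID, any AssertionConsumerServiceURL must be listed there) and, for the HTTP-Redirect binding, the deflate/base64 encoding and the detached signature over the query string.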

Service Provider's Guide to Feide Integration

This document is meant as a hand-out to new service providers who want to integrate their application with Feide authentication. It is targeted at technical people. It contains a large number of links, so you will be able to find more documentation on whatever is unclear.

Download document