Playing around with SAML 2.0 some more. Here is some code that I created that allowed me to create a SAML 2.0 AuthnRequest object to be submitted to an Identity Provider. 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122public String buildAuthnRequest(){     try {             XMLObjectBuilderFactory builderFactory = org.opensaml.Configuration.getBuilderFactory();             //Generate [...]

I recently created a SAML 2.0 Service Provider using PHP. I used the AuthnRequest Protocol with HTTP-POST binding. This was done to help me understand the basic SAML 2.0 exchanges between a Service Provider and an Identity Provider. Here is an exhaustive analysis of my Service Provider logs that I created. The service provider that [...]

Javascript does have a good Date object that can be used to manipulate dates in your script. Another benefit it sports is that it can take several string formats and create a Date object from that string. However, despite their efforts to use the most common strings you will likely come across a date format [...]

I have been struggling for the past few days trying to get my Java program to properly build and encode a SAML 2.0 Authentication Request that should initiate a Single Sign-on event with a SAML 2.0 capable Identity Provider. I was having problems with the Java library that I was using to DEFLATE the authentication [...]

I have been spending the past day working with OpenID an getting it to work on a couple of different portals/web applications. OpenID works really well and I highly recommend it as an alternative method of authentication. In order to get started accepting OpenID credentials in your authentication model, or even to get started using [...]

Just today I came across a javascript hack that was sending information for website users to a third party location. The way I found this out – other than getting malware notices from Google, was to do a wireshark trace on the offending website. From there I saw some interesting requests. Upon closer inspection, I [...]