websphere - Location and logic of SAML TAI class ACSTrustAssociationInterceptor
In WebSphere SAML SSO, we configure the "com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor" TAI class.

As per my understanding of TAI classes: step 1) the SAML TAI deduces the user name from the SAML response and asserts the same to the SP application; the asserted user "kaushik" is not present in the application. Step 2) The SP application checks if the user exists in the SP application. Step 3) If the user does not exist in the application, it is redirected to the error page (configured by sso_1.sp.acsErrorPage).

Now the questions: 1) Is my understanding correct? 2) If it is correct, how does control come to the TAI class when the SP does not have the required user? 3) Which jar contains "com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor"? 4) Where is that jar located in the appserver? I could not find it anywhere.
Your understanding is not correct. In step 1, the SAML TAI does indeed deduce the user name from the SAML response, in a manner determined by the SAML TAI custom properties. Step 2 is where I believe you begin to go astray. The term "application" is too general here. The SAML TAI checks the registry configured for the security domain for an existing user if you configure the idMap custom property as localRealm. Otherwise the assumption is idAssertion, which creates an ephemeral user, one that exists in the JAAS subject but not in the registry.

I do not recall which application library contains the SAML TAI code. That knowledge is not required to use the SAML TAI. If your intention is to reverse-compile the SAML TAI code in order to clarify your understanding, I'd encourage you to first study the developerWorks article on the SAML TAI, which presents the common web-based SSO scenarios. It describes how one configures the SAML TAI custom properties to undertake the various use cases, and it discusses how the SAML TAI leverages the new general TAI capabilities that allow it to hook into the security model at more than one stage.
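The two idMap behaviours described in the answer, as an added illustration that is not part of the question or the answer: a SAML Web SSO TAI custom-property set for one partner ("sso_1") with the registry-checked setting beside the assertion-trusting one. Host names, entity IDs and the certificate alias are placeholders; the property names are the ones IBM documents for this TAI, to the best of my knowledge, apart from sso_1.sp.acsErrorPage, which the question itself mentions.

```properties
# Added example (not from the page): SAML Web SSO TAI custom properties for partner "sso_1".
# Placeholders: sp.example.com, idp.example.com, idpSigningCert.

# URL the IdP posts the SAML response to; the TAI intercepts requests to this path.
sso_1.sp.acsUrl=https://sp.example.com:9443/samlsps/acs
sso_1.sp.acsErrorPage=https://sp.example.com:9443/samlerror.html

# Trust only assertions signed by this IdP: its signing certificate must sit in the
# trust store under this alias, otherwise a well-formed but unsigned-by-IdP response
# would be rejected rather than mapped to a user.
sso_1.idp_1.EntityID=https://idp.example.com/saml/metadata
sso_1.idp_1.certAlias=idpSigningCert
sso_1.sp.trustStore=NodeDefaultTrustStore

# Mode 1: localRealm. The asserted user (e.g. "kaushik") must exist in the user
# registry of the security domain; an unknown user fails authentication in the TAI
# and the browser is sent to acsErrorPage. The application never sees the request.
sso_1.sp.idMap=localRealm

# Mode 2: idAssertion (the behaviour assumed when idMap is not set to localRealm).
# The TAI builds an ephemeral user in the JAAS Subject from the assertion without
# consulting the registry, so the IdP alone decides who logs in and which groups
# they carry; review the IdP's attribute release accordingly.
# sso_1.sp.idMap=idAssertion
# sso_1.sp.groupName=memberOf    # SAML attribute whose values become group names
# sso_1.sp.realmName=samlrealm   # realm recorded in the asserted Subject
```

Switch between the two modes by changing only sso_1.sp.idMap; the trust-store and IdP settings apply in both.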