https://developers.wiki.kennisnet.nl/index.php?title=KNF:Korte_uitleg_SAML_protocol/en&feed=atom&action=historyKNF:Korte uitleg SAML protocol/en - Revision history2024-03-28T18:15:16ZRevision history for this page on the wikiMediaWiki 1.35.13https://developers.wiki.kennisnet.nl/index.php?title=KNF:Korte_uitleg_SAML_protocol/en&diff=6086&oldid=prevOostmeijer01: /* Web Browser SSO profile */2016-12-11T14:44:15Z<p><span dir="auto"><span class="autocomment">Web Browser SSO profile</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="nl">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision of 11 Dec 2016 14:44</td>
</tr><tr>
<td colspan="2" class="diff-lineno">Line 30:</td>
<td colspan="2" class="diff-lineno">Line 30:</td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Web Browser SSO profile==</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Web Browser SSO profile==</div></td>
</tr>
<tr>
<td class="diff-marker">−</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. <del class="diffchange diffchange-inline">In this case the user wants to access the protected website of the Service Provider. In order to make an authorisation decision the Service Provider needs to establish the identity of the user. Therefore the Service Provider requests an assertion about the identity of the user. Based on the response of the Identity Provider the Service Provider will decide whether or not the user is granted access to the website.</del></div></td>
<td class="diff-marker">+</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. </div></td>
</tr>
<tr>
<td colspan="2" class="diff-empty"> </td>
<td class="diff-marker">+</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td colspan="2" class="diff-empty"> </td>
<td class="diff-marker">+</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>In this case the user wants to access the protected website of the Service Provider. In order to make an authorisation decision the Service Provider needs to establish the identity of the user. Therefore the Service Provider requests the Identity Provider for an assertion about the identity of the user. Based on the response of the Identity Provider the Service Provider will decide whether or not the user is granted access to the website.</div></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
</tr>
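<tr><td colspan="4">Review bot: the inserted paragraph's sentence "Therefore the Service Provider requests the Identity Provider for an assertion about the identity of the user." is unidiomatic; "requests X for Y" should read either "asks the Identity Provider for an assertion about the identity of the user" or "requests an assertion about the identity of the user from the Identity Provider". The split of the original paragraph into two is otherwise fine.</td></tr>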
</table>Oostmeijer01https://developers.wiki.kennisnet.nl/index.php?title=KNF:Korte_uitleg_SAML_protocol/en&diff=6085&oldid=prevOostmeijer01: /* Web Browser SSO profile */2016-12-11T14:43:15Z<p><span dir="auto"><span class="autocomment">Web Browser SSO profile</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="nl">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision of 11 Dec 2016 14:43</td>
</tr><tr>
<td colspan="2" class="diff-lineno">Line 30:</td>
<td colspan="2" class="diff-lineno">Line 30:</td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Web Browser SSO profile==</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Web Browser SSO profile==</div></td>
</tr>
<tr>
<td class="diff-marker">−</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. </div></td>
<td class="diff-marker">+</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. <ins class="diffchange diffchange-inline">In this case the user wants to access the protected website of the Service Provider. In order to make an authorisation decision the Service Provider needs to establish the identity of the user. Therefore the Service Provider requests an assertion about the identity of the user. Based on the response of the Identity Provider the Service Provider will decide whether or not the user is granted access to the website.</ins></div></td>
</tr>
<tr>
<td class="diff-marker">−</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"></td>
<td colspan="2" class="diff-empty"> </td>
</tr>
<tr>
<td class="diff-marker">−</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Hierin wil een gebruiker via zijn browser de afgeschermde website van de Service Provider bezoeken. Om te bepalen of de gebruiker toegang krijgt tot de website wil de Service Provider de identiteit van de gebruiker vaststellen. De Service Provider vraagt hiervoor de Identity Provider om een verklaring (assertion) over de identiteit van de gebruiker af te leggen. Op basis van het antwoord van de Identity Provider bepaalt de Service Provider of de gebruiker toegang krijgt.</div></td>
<td colspan="2" class="diff-empty"> </td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
</tr>
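<tr><td colspan="4">Review bot: the English replacement drops the party being asked. The removed Dutch paragraph says the Service Provider asks the Identity Provider for the assertion ("vraagt hiervoor de Identity Provider om een verklaring (assertion) ... af te leggen"), but the inserted sentence "Therefore the Service Provider requests an assertion about the identity of the user." no longer names the Identity Provider, so the following sentence's "response of the Identity Provider" has no antecedent. Suggest "Therefore the Service Provider requests an assertion about the identity of the user from the Identity Provider."</td></tr>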
</table>Oostmeijer01https://developers.wiki.kennisnet.nl/index.php?title=KNF:Korte_uitleg_SAML_protocol/en&diff=6084&oldid=prevOostmeijer01: /* Web Browser SSO profile */2016-12-11T14:34:04Z<p><span dir="auto"><span class="autocomment">Web Browser SSO profile</span></span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="nl">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision of 11 Dec 2016 14:34</td>
</tr><tr>
<td colspan="2" class="diff-lineno">Line 32:</td>
<td colspan="2" class="diff-lineno">Line 32:</td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. </div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. </div></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker">−</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline"> </del>Hierin wil een gebruiker via zijn browser de afgeschermde website van de Service Provider bezoeken. Om te bepalen of de gebruiker toegang krijgt tot de website wil de Service Provider de identiteit van de gebruiker vaststellen. De Service Provider vraagt hiervoor de Identity Provider om een verklaring (assertion) over de identiteit van de gebruiker af te leggen. Op basis van het antwoord van de Identity Provider bepaalt de Service Provider of de gebruiker toegang krijgt.<del class="diffchange diffchange-inline"> </del></div></td>
<td class="diff-marker">+</td>
<td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Hierin wil een gebruiker via zijn browser de afgeschermde website van de Service Provider bezoeken. Om te bepalen of de gebruiker toegang krijgt tot de website wil de Service Provider de identiteit van de gebruiker vaststellen. De Service Provider vraagt hiervoor de Identity Provider om een verklaring (assertion) over de identiteit van de gebruiker af te leggen. Op basis van het antwoord van de Identity Provider bepaalt de Service Provider of de gebruiker toegang krijgt.</div></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td>
</tr>
<tr>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
<td class="diff-marker"> </td>
<td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Authentication process==</div></td>
</tr>
</table>Oostmeijer01https://developers.wiki.kennisnet.nl/index.php?title=KNF:Korte_uitleg_SAML_protocol/en&diff=6083&oldid=prevOostmeijer01: New page created with '{{Talen}} <br/> __TOC__ Entree Federation's main underlying principle is '''Single Sign On''' (SSO). A user only needs to log in once at his schoolapplication (Ide...'2016-12-11T14:33:32Z<p>New page created with '{{Talen}} <br/> __TOC__ Entree Federation's main underlying principle is '''Single Sign On''' (SSO). A user only needs to log in once at his schoolapplication (Ide...'</p>
<p><b>New page</b></p><div>{{Talen}}<br />
<br/><br />
__TOC__<br />
<br />
Entree Federation's main underlying principle is '''Single Sign On''' (SSO). A user only needs to log in once at his school application (Identity Provider) and automatically has access to all the connected services (Service Providers).<br />
<br />
The communication between Service Providers and Identity Providers goes through the central hub of Kennisnet. This way a Service Provider (SP) or an Identity Provider (IdP) only needs to maintain one connection, namely with the central hub. The Kennisnet application fulfils the role of Identity Provider for all the connected Service Providers and at the same time the role of Service Provider towards all the connected Identity Providers.<br />
<br />
Single Sign On is possible because all the different applications communicate with each other on the basis of the '''SAML 2.0''' protocol. SAML stands for '''S'''ecurity '''A'''ssertion '''M'''arkup '''L'''anguage. It is an open standard for the exchange of authentication and authorisation data. The standard is developed and maintained by the non-profit consortium [https://wiki.oasis-open.org/security/FrontPage OASIS].<br />
<br />
==Metadata==<br />
The different parties within Entree Federation have established a trust relationship with each other. They have agreed on several conventions concerning a unique identifier, the role of each party, endpoints and information about encryption. All this is laid down in a metadata file.<br />
<br />
This is a simplified example of a metadata file of a Service Provider:<br />
<syntaxhighlight lang="xml"><br />
<EntityDescriptor entityID="https://example.com"><br />
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><br />
<KeyDescriptor><br />
...<br />
</KeyDescriptor><br />
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/sso" index="0"/><br />
</SPSSODescriptor><br />
</EntityDescriptor><br />
</syntaxhighlight><br />
* The required attribute ''entityID'' contains a unique identifier for the application, preferably in URL format.<br />
* The element ''<SPSSODescriptor>'' describes the role of the Service Provider. In the case of an Identity Provider ''<IDPSSODescriptor>'' is used.<br />
* The attribute ''protocolSupportEnumeration'' lists the supported protocols.<br />
* ''<KeyDescriptor>'' contains the information about the encryption.<br />
* The ''<AssertionConsumerService>'' contains the endpoint an Identity Provider can use to send messages to the Service Provider; in this example the ''HTTP-POST'' binding has to be used.<br />
<br />
==Web Browser SSO profile==<br />
Several profiles are defined within the SAML specification, each supporting a different use case. In the context of Entree Federation we'll focus on the '''Web browser SSO profile'''. <br />
<br />
Here a user wants to visit the protected website of the Service Provider via his browser. To determine whether the user is granted access to the website, the Service Provider wants to establish the identity of the user. For this the Service Provider asks the Identity Provider to make a statement (assertion) about the identity of the user. Based on the answer of the Identity Provider, the Service Provider decides whether the user is granted access. <br />
<br />
==Authentication process==<br />
<br />
<br />
<br />
[[Categorie:Entree Federatie]]</div>Oostmeijer01