philduba.comRecent Entries
- MangoBlog/Oracle Int...
- OT - Google Maps: In...
- Email Hijacked?
- CFUnited: Refactorin...
- CFUnited: Continuous...
- CFUnited: Prototypin...
- CFUnited: All about ...
- CFUnited: Event Driv...
- CFUnited: Integrated...
- CFUnited: ColdBox Fr...
Popular Entries
- CFUnited: All about ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- SAML and ColdFusion ...
- Import/Export in SQL...
- CFUnited: Google Web...
- Second Blog CFC Surv...
- Improving Performanc...
Top Commenters
- Nathan Mische (12)
- CFdevfusion (6)
- CFFusionDev (6)
- Peter Bell (4)
- ah7866 (3)
- Sean Corfield (3)
- air max (3)
- Terrence Ryan (3)
- Rey Bango (3)
- Scott (2)
Slideshows
Dresser/Changing Table...Images related to the lay...
Nursery renovations...
Pool Surprises...
Sponsored Links
Search
Subscribe
Enter your email address to subscribe to this blog.RSS
Tags
cfug cfunited coldfusion flex generalArchives
- Adobe (5) [RSS]
- AIR (6) [RSS]
- ASP.NET (2) [RSS]
- BlazeDS (1) [RSS]
- Books (1) [RSS]
- CFEclipse (5) [RSS]
- CFML (0) [RSS]
- CFUG (26) [RSS]
- CFUnited (23) [RSS]
- ColdFusion (53) [RSS]
- College Football (3) [RSS]
- Conferences (1) [RSS]
- Development Tools (3) [RSS]
- DIY (1) [RSS]
- Eagles (3) [RSS]
- Fireworks (1) [RSS]
- Flash (3) [RSS]
- Flex (10) [RSS]
- Flyers (2) [RSS]
- Frameworks (5) [RSS]
- General (28) [RSS]
- Hockey (2) [RSS]
- Hosting (1) [RSS]
- House (2) [RSS]
- HTML (2) [RSS]
- JavaScript (1) [RSS]
- Jobs (1) [RSS]
- Macromedia (0) [RSS]
- MangoBlog (1) [RSS]
- Misc. (5) [RSS]
- Model-Glue (4) [RSS]
- Navy Football (5) [RSS]
- onair2007Philadelphia (3) [RSS]
- onairbustour (3) [RSS]
- Open Source (0) [RSS]
- Other (2) [RSS]
- Other Sports (4) [RSS]
- Performance (3) [RSS]
- Personal (2) [RSS]
- Phillies (2) [RSS]
- Projects, User Group Manager (1) [RSS]
- Rant (1) [RSS]
- Rants (1) [RSS]
- SAML (6) [RSS]
- Site (1) [RSS]
- Soccer (4) [RSS]
- SQL Server (2) [RSS]
- Transportation (1) [RSS]
- Wedding (2) [RSS]
AGGREGATORS
SAML and ColdFusion Part 6 : Validating an Assertion
Posted On May 10, 2007 7:32 AM By Phil in SAML,ColdFusion
Welcome to what I believe will be the last entry in my SAML and ColdFusion series. This entry concentrates on validating a SAML assertion which includes checking for conditions, validating the signature, and extracting the assertion attributes. This post builds off of all the previous posts, so if you are just coming to this series at this point in time, I would suggest reading each of the previous posts in this series to see the background information. In the last post, we created a way to sign a document and create a keystore with a self-signed certificate. In this entry, we'll validate the assertion that was created, creating both a ColdFusion template for validation and a Java class file for verification.
SAML and ColdFusion Part 5 : Signing a Document
Posted On May 1, 2007 5:44 PM By Phil in SAML,ColdFusion
In this entry of the SAML series, I'll build a ColdFusion template as well as a Java class to sign an XML document. I'll also cover creating a keystore and self-signed certificate that will be used for the signature generation and verification. The logic created in this entry is heavily influenced by an article by Robert Sayre located here. So now, let's get on to the code!
SAML and ColdFusion Part 4 : Setting Up the Library
Posted On April 26, 2007 7:00 AM By Phil in SAML,ColdFusion
So far in this series, I have talked about what SAML is, what makes up and Assertion and what XML Digital Signatures are. Now, it is time to actually get into an implementation using ColdFusion. Unfortunately, a pure ColdFusion solution is unattainable due to the limitations of XML manipulation and the lack of native XML Signature components in its supported JRE (1.4.whatever). As a result, I did a lot of research on the various libraries and products out there. I wanted something simple to implement and preferably open source and, obviously, it had to be compatible with ColdFusion. After about a few days, I decided on the Apache XML Security library. No sense beating around the bush, here are the steps I used to implement this library, pay special attention to the versions of the library used as the latest isn't the right one for this version of ColdFusion (note: I used ColdFusion MX 7.0.2):
SAML and ColdFusion Part 3 : XML Digital Signatures
Posted On April 16, 2007 6:23 PM By Phil in SAML,ColdFusion
In parts one and two, I talked about the basics of SAML as well as the structure of a SAML assertion. In this entry, I am going to briefly cover a part of the assertion I skipped over last time, the Digital Signature. XML Digital Signatures are a common part of SAML artificats as they help to provide:
- Flexibility in signing documents
- Uses existing cryptographic and security technologies such as X509 and SHA1
- The integrity of the document and data transfered
- Creation and Verification of portable signatures
SAML and ColdFusion - Part 2
Posted On February 9, 2007 7:42 AM By Phil in SAML,ColdFusion
Ok, I know it has been a while, but I'm ready for part 2 of the SAML and ColdFusion series. In this post, I will talk about the main carrier of information between an Identity Provider and a Service Provider, the Assertion. If you recall from my previous post, a form variable called SAMLResponse containing a Base64 string is submitted. This variable is what contains the Assertion document. The Assertion helps to convey the following information:
- Header information which usually identifies the identity provider submitting the assertion and any conditional information used to validate the request
- Information relating to the Subject of the Assertion or the user for which the SSO action is being performed
- A series of Authentication or Attribute Statements
- Digital Signature
SAML and ColdFusion - Part 1
Posted On December 29, 2006 4:52 PM By Phil in SAML,ColdFusion
Over the summer, I began to work on a project that wnated to utilize SAML(all information in this post and follow on ones are retrieved from the OASIS site), or Security Assertion Markup Language. At the time, I wasn't given much information about SAML, except for the link to the site and asked: "Can we implement this?". Well, luckily, that customer decided to go in a different direction as if one looks through the SAML documentation, there are numerous Use Cases and Implementations. Although the project was dead, I thought about how to implement something like this within our company's suite of applications which are ColdFusion based. Now for some background on SAML. For those that may be unaware, SAML is an XML-based way of doing federated authentication, providing a level of single sign-on previously done through either adding a filter or executable to one's web server or custom-built exchange mechanisms/URL parameters . SAML's documentation talks to a number of ways to utilize what it calls Authentication Assertions, but, within a web-based environment, there are essentially 3 parties involved: Browser, Identity Provider or Source Site and a Service Provider or Destination Site. Essentially, the typical Use Case for web-based applications is as follows:
- User browses to the Source Site
- User attempts to access protected content on the Source Site
- User is prompted for authentication credentials within the Source Site
- Source Site validates authentication of the User's credentials
- User continues to utilize Source Site resources
- At some point, the User is redirected to a Third-party/Partner site due to their credentials, status or permissions