We don’t allow questions seeking recommendations for software libraries, tutorials, tools, books, or other off-site resources. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
接受
或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
发布评论
评论(3)
其工作原理是,在对用户进行身份验证后,SAML 身份提供商 (IdP) 向浏览器呈现一个包含 SAML 响应的表单 - 该表单的“操作”(即目标)是服务提供商 (SP)。 在 HTML 中,有一个 JavaScript onLoad 事件用于提交表单,因此最终效果是用户自动从 IdP 转移到 SP,手中有 SAML 响应。
用户唯一需要单击任何内容才能提交表单的情况是禁用了 JavaScript。 在这种情况下,SAML 实现通常会在
标签中提供一条带有按钮的消息。
有关更多详细信息,请参阅我几年前写的这篇文章 - 但请注意,“Lightbulb”现已过时 - 对于 PHP SAML,请参阅 simpleSAMLphp。
遗憾的是您的客户想要使用 CA SiteMinder - 开源 OpenAM(以前称为 OpenSSO)可以做到这一点很容易。
The way this works is that, after authenticating the user, the SAML identity provider (IdP) renders a form to the browser containing the SAML response - the form's 'action' (i.e. target) is the service provider (SP). In the HTML, there is a JavaScript onLoad event that submits the form, so the net effect is that the user is automatically taken from the IdP to the SP, SAML response in hand.
The only time a user would have to click anything to submit the form is if they have JavaScript disabled. In this case, SAML implementations typically provide a message with a button to press in the
<noscript>
tag.For more detail see this article I wrote a few years ago - but note, 'Lightbulb' is long obsolete now - for PHP SAML see simpleSAMLphp.
It's a shame your client wants to use CA SiteMinder - the open source OpenAM (formerly known as OpenSSO) does this pretty easily.
这篇文章解释得很好。 也有针对不同平台的示例。
This article explains is very well. There are examples for different platforms too.
如果 Siteminder 是依赖方,那么您需要编写一个自定义代理来获取 SAML 工件并创建 SM 会话。 否则,您将需要购买已内置此功能的产品。
If Siteminder is the relying party, then you would need to write a custom agent to take a SAML artifact and create an SM-Session. Otherwise, you will need to purchase a product that has this functionality already built.