Are these saml request-response good enough?

Posted by Ashwin on Stack Overflow See other posts from Stack Overflow or by Ashwin
Published on 2012-03-28T05:43:58Z Indexed on 2012/03/31 17:28 UTC
Read the original article Hit count: 208

Filed under:

I have set up a single sign on(SSO) for my services. All the services confirm the identity of the user using the IDPorvider(IDP). In my case I am also the IDP.
In my saml request, I have included the following:
1. the level for which auth. is required.
2. the consumer url
3. the destination service url.
4. Issuer

Then, encrypting this message with the SP's(service provider) private key and then with the IDP's Public key. Then I am sending this request.
The IDP on receiving the request, first decrypts with his own private key and then with SP's public key. In the saml response:
1. destination url
2. Issuer
3. Status of the response

Is this good enough? Please give your suggestions?

© Stack Overflow or respective owner

Related posts about saml