[OpenID] Using SimpleSAMLphp for OpenID

Peter Williams pwilliams at rapattoni.com
Sat Mar 28 01:04:12 UTC 2009


One of the more fun things to do with simpleSAML's "bridging" approach to websso would be to tunnel openid-over-redirect/post not through https but through a saml2 redirect/post binding (leveraging X.509 and SAML2's messaging/pairwise encryption).

If you imagine the classical email model of UA->MTA <-> MTA<-UA where Protocol1 signals between the intermediating transfer agents (MTAs) and Protocol2 signals between the end-end user agents (UA), then openid would be p2 whereas saml would be p1.

Given the way simpleSAML is constructed, it should be relatively straight forward to fashion such experiments.

We already have 1 partner using simpleSAMLphp in production, and another has just started. Both will be using the SAML2 variety of websso, rather than openid auth. But it's early... The more gateway-capable websso switches there are (taking the approach of Feide), the easier it will be for folks to operate in the (normal) multi-protocol world.

> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of J. Trent Adams
> Sent: Friday, March 27, 2009 2:17 PM
> To: general at openid.net
> Subject: [OpenID] Using SimpleSAMLphp for OpenID
>
>
> While it looks like they're still marking OpenID (OP/RP) as
> "experimental",  I'm curious if anyone on this list has deployed
> SimpleSAMLphp for OpenID?
>
> http://rnd.feide.no/simplesamlphp
>
> If it was evaluated, but rejected, could you share why?
>
> Thanks in advance,
> Trent
>
> --
> J. Trent Adams
> =jtrentadams
>
> Profile: http://www.mediaslate.org/jtrentadams/
> LinkedIN: http://www.linkedin.com/in/jtrentadams
> Twitter: http://twitter.com/jtrentadams
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
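The tunnelling idea in the reply above (an OpenID indirect message as the inner protocol p2, carried between two gateways inside a SAML2 HTTP-Redirect-style envelope as p1) sketched as a small round trip. This is an added example written for this archive page, not code from simpleSAMLphp, Feide, or either poster. Assumptions: the OpenID request, the gateway key and the gateway policy checks are constructed for the demo; an HMAC over the signed query string stands in for the X.509/XML-DSig signature a real SAML2 redirect binding would carry, and no SAML2 encryption is shown. The encodings themselves (OpenID parameters as a URL-encoded indirect message; DEFLATE + base64 for the SAMLRequest parameter, with the signature computed over SAMLRequest, RelayState and SigAlg in that order) follow the respective specs.

```python
"""Carry an OpenID 2.0 indirect message (p2) inside a SAML2 HTTP-Redirect
style envelope (p1) between two gateways, then unwrap and policy-check it.
Demo code only; HMAC stands in for the X.509 signature of the real binding."""
import base64
import hashlib
import hmac
import zlib
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Constructed sample OpenID 2.0 checkid_setup request, as an RP would redirect it.
OPENID_REQUEST = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "checkid_setup",
    "openid.claimed_id": "http://example.org/alice",
    "openid.identity": "http://example.org/alice",
    "openid.return_to": "https://rp.example.org/openid/return",
    "openid.realm": "https://rp.example.org/",
}

# Hypothetical key shared by the two gateways (assumption; a real deployment
# would sign with the gateway's X.509 key per the SAML2 redirect binding).
GATEWAY_KEY = b"constructed-demo-key-not-for-production"
SIG_ALG = "urn:demo:hmac-sha256"  # placeholder algorithm identifier

ALLOWED_MODES = {"checkid_setup", "checkid_immediate"}


def _redirect_encode(payload: bytes) -> str:
    """SAML2 HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(payload) + comp.flush()).decode("ascii")


def _redirect_decode(text: str) -> bytes:
    return zlib.decompress(base64.b64decode(text), -15)


def _sign(signed_part: str, key: bytes) -> str:
    mac = hmac.new(key, signed_part.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def encapsulate(openid_params: dict, relay_state: str, key: bytes) -> str:
    """Gateway A: wrap the OpenID indirect message as a signed SAML-style redirect query."""
    inner = urlencode(openid_params).encode("utf-8")
    signed_part = urlencode({
        "SAMLRequest": _redirect_encode(inner),
        "RelayState": relay_state,
        "SigAlg": SIG_ALG,
    })
    return signed_part + "&Signature=" + quote(_sign(signed_part, key), safe="")


def decapsulate(query: str, key: bytes) -> dict:
    """Gateway B: verify the envelope signature first, only then unwrap and
    policy-check the inner OpenID message before forwarding it to the OP."""
    signed_part, sep, sig = query.rpartition("&Signature=")
    if not sep:
        raise ValueError("envelope missing Signature")
    if not hmac.compare_digest(unquote(sig), _sign(signed_part, key)):
        raise ValueError("envelope signature invalid")
    outer = dict(parse_qsl(signed_part))
    params = dict(parse_qsl(_redirect_decode(outer["SAMLRequest"]).decode("utf-8")))
    # Gateway policy (assumption): only forward authentication requests, and only
    # when return_to sits inside the realm the RP claims, so the envelope cannot be
    # abused to bounce the user agent to an unrelated site.
    if params.get("openid.mode") not in ALLOWED_MODES:
        raise ValueError("unexpected openid.mode")
    if not params.get("openid.return_to", "").startswith(params.get("openid.realm", "/")):
        raise ValueError("return_to outside realm")
    return params


if __name__ == "__main__":
    query = encapsulate(OPENID_REQUEST, "rp-session-42", GATEWAY_KEY)
    print(decapsulate(query, GATEWAY_KEY)["openid.mode"])
```

The order of operations in decapsulate is the security-relevant part: the outer signature is checked before anything inside the envelope is inflated or parsed, so a forged or tampered envelope never reaches the OpenID parser, and the inner message is still policy-checked even after the signature verifies, since the envelope only proves which gateway sent it, not that the RP's request is sane.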


