Need help in federation

Need help in federation

reda sabir
Hello everyone,

I want to achieve this use case but I don't know how to do it in OpenAM:
+--------------------------------------------------------------------+
|  user -------> APP(php) ----------> OpenAM ----------> Siteminder  |
|                   SP                  SP                  IDP      |
+--------------------------------------------------------------------+

The protocol used is SAML. Now, I know how to build the communication OpenAM ---> Siteminder (federation), but I don't know how to link APP with the SP of OpenAM.

For instance, if we want to do this in WSO2, we could click on "Local & Outbound Authentication Configuration" and choose "Federated Authentication" with the right remote IdP. This of course is done when you configure the SP APP in WSO2.

So is there any way to do the same in OpenAM? If not, how could we then realise this federation?

Thank you for your help

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Re: Need help in federation

Warren Strange

On Fri, May 20, 2016 at 2:36 AM, reda sabir <[hidden email]> wrote:
> Hello everyone,
>
> I want to achieve this use case but I don't know how to do it in OpenAM:
> +--------------------------------------------------------------------+
> |  user -------> APP(php) ----------> OpenAM ----------> Siteminder  |
> |                   SP                  SP                  IDP      |
> +--------------------------------------------------------------------+
>
> The protocol used is SAML. Now, I know how to build the communication
> OpenAM ---> Siteminder (federation), but I don't know how to link APP with
> the SP of OpenAM.
>
> For instance, if we want to do this in WSO2, we could click on "Local
> & Outbound Authentication Configuration" and choose "Federated
> Authentication" with the right remote IdP. This of course is done when
> you configure the SP APP in WSO2.
>
> So is there any way to do the same in OpenAM? If not, how could we
> then realise this federation?
>
> Thank you for your help

--

Warren
M:    403-471-7829 

Re: Need help in federation

Bernhard Thalmayr
Why do you want to "connect" (achieve SSO) the APP(php) to OpenAM at
all? Is there a reason you cannot "connect" the APP directly with the IdP?

-Bernhard

On 20/05/16 at 10:36, reda sabir wrote:

> Hello everyone,
>
> I want to achieve this use case but I don't know how to do it in OpenAM:
> +--------------------------------------------------------------------+
> |  user -------> APP(php) ----------> OpenAM ----------> Siteminder  |
> |                   SP                  SP                  IDP      |
> +--------------------------------------------------------------------+
>
> The protocol used is SAML. Now, I know how to build the communication
> OpenAM ---> Siteminder (federation), but I don't know how to link APP with
> the SP of OpenAM.
>
> For instance, if we want to do this in WSO2, we could click on "Local
> & Outbound Authentication Configuration" and choose "Federated
> Authentication" with the right remote IdP. This of course is done when
> you configure the SP APP in WSO2.
>
> So is there any way to do the same in OpenAM? If not, how could we
> then realise this federation?
>
> Thank you for your help


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
Re: Need help in federation

reda sabir
Hello,

Thank you Warren, that is what I was looking for. @Bernhard: I found that this behaviour can be useful in some rare cases and I wanted to know if we can do it in OpenAM. But of course, we can simply contact the other IdP directly?

Reda

2016-05-22 22:00 GMT+02:00 Bernhard Thalmayr <[hidden email]>:
> Why do you want to "connect" (achieve SSO) the APP(php) to OpenAM at
> all? Is there a reason you cannot "connect" the APP directly with the IdP?
>
> -Bernhard
