Programming, Technology »

Friday, November 15, 2013 | 0 Comments

For testing purposes I am using OpenAM with the default configuration, which includes an embedded OpenDJ (LDAP) instance. This embedded LDAP directory should not be used in production, but it is perfectly usable in a development setup. I am using OpenAM to set up an identity provider that communicates over SAML 2.0 with my service providers. My service providers need role assertions about the user accessing them. This post quickly goes through all the steps needed to return the roles/groups of a user with a default OpenAM configuration. Before you can do that, you need your identity provider, service provider, realm and circle of trust already configured. The LDAP directory is filled with a default user demo which we are... [More]

Programming, Technology »

Tuesday, November 12, 2013 | 0 Comments

In my current job we were in need of a load-test script that performs Service Provider (SP) initiated Web Browser Single Sign-Ons (SSOs) based on SAML 2.0 (Security Assertion Markup Language). A mouthful, but it sounds harder than it actually is. We need this to determine how much load our Identity Provider (IdP) can handle, but we are also planning to use it as an instrument to test whether our identity provider can meet our performance requirements. Now of course you could also load-test the login process without the use of SAML. In this scenario you go directly to the login URL of the identity provider, which doesn’t involve exchanging SAML messages between the service provider and the identity provider. While this i... [More]