AuthNContext and SAML 2.0 - PowerPoint PPT Presentation

About This Presentation
Title:

AuthNContext and SAML 2.0

Slides: 8
Provided by: pmis

Transcript and Presenter's Notes

1
AuthNContext and SAML 2.0
  • Prateek Mishra
  • Netegrity

2
LA 1.1 Flows
Flow diagram labels: <AuthNRequest>; <AuthNResponse> or Artifact
  • Rules for mapping XML elements into query strings
    are described (Section 3.1.2 of Bindings and
    Profiles)
  • AuthNRequest SHOULD be signed
  • Assertions within an AuthNResponse MUST be signed; it
    is recommended that the response itself not be
    signed
  • Question: What about counter-measures based on
    signing TARGET in SAML 1.0?
  • Artifact profile Request-Response: <samlp:Request>
    MUST be signed; <samlp:Response> MAY be
    signed, but contained assertions MUST be signed.
  • ISSUE: Update and reconcile signing with SAML 1.1
    guidelines
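The slide's signing rule (assertions MUST be signed, the response itself need not be) can be enforced as a structural pre-check before any cryptographic verification. The code below is an added example, not code from the deck or from Netegrity: it walks a SAML 1.x response, requires each assertion to carry its own enveloped ds:Signature, and requires that signature's ds:Reference to point at the assertion's own ID, so a signature over some other element is not mistaken for coverage. The sample response is constructed for this example and its signature values are placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace URIs for SAML 1.x protocol/assertion and XML Signature.
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}


def assertion_id(assertion):
    """SAML 1.x names the identifier AssertionID; SAML 2.0 uses ID."""
    return assertion.get("AssertionID") or assertion.get("ID")


def signing_violations(response_xml):
    """Structural check of the slide's MUST: every <saml:Assertion> in the
    response carries its own enveloped <ds:Signature>, and that signature's
    <ds:Reference> points at the assertion's own ID. A signature on the
    enclosing <samlp:Response> is not accepted as a substitute. Returns a
    list of (assertion id, reason) pairs; empty means the structure is as
    required. Cryptographic verification of each signature is a separate
    step and is not performed here."""
    root = ET.fromstring(response_xml)
    problems = []
    for assertion in root.findall(".//saml:Assertion", NS):
        aid = assertion_id(assertion)
        signature = assertion.find("ds:Signature", NS)  # direct child only
        if signature is None:
            problems.append((aid, "no enveloped signature"))
            continue
        referenced = {ref.get("URI") for ref in signature.findall(".//ds:Reference", NS)}
        if "#" + aid not in referenced:
            problems.append((aid, "signature does not reference this assertion"))
    return problems


def response_acceptable(response_xml):
    """True only when no assertion violates the signing requirement."""
    return not signing_violations(response_xml)


# Constructed sample (not from any real deployment): a1 is signed correctly,
# a2 is unsigned, a3 carries a signature whose Reference points at a1 instead.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ResponseID="r1" MajorVersion="1" MinorVersion="1">
  <saml:Assertion AssertionID="a1" MajorVersion="1" MinorVersion="1" Issuer="https://idp.example">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"/>
  </saml:Assertion>
  <saml:Assertion AssertionID="a2" MajorVersion="1" MinorVersion="1" Issuer="https://idp.example">
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"/>
  </saml:Assertion>
  <saml:Assertion AssertionID="a3" MajorVersion="1" MinorVersion="1" Issuer="https://idp.example">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for aid, reason in signing_violations(SAMPLE_RESPONSE):
        print(f"assertion {aid}: {reason}")
    print("acceptable:", response_acceptable(SAMPLE_RESPONSE))
```

The check is deliberately per-assertion: because the slide leaves the response unsigned, each assertion's own signature is the only thing binding its content, so an assertion whose signature references a different ID must be treated as unsigned.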

3
AuthNRequest
<element ref="lib:AuthnContext" minOccurs="0"/>
<element name="AuthnContextComparison"
         type="lib:AuthnContextComparisonType"
         minOccurs="0" maxOccurs="1"/>
<simpleType name="AuthnContextComparisonType">
  <restriction base="string">
    <enumeration value="exact"/>
    <enumeration value="minimum"/>
    <enumeration value="better"/>
  </restriction>
</simpleType>
<element name="AuthnContext">
  <complexType>
    <choice>
      <element name="AuthnContextClassRef"
               type="anyURI" maxOccurs="unbounded"/>
      <element name="AuthnContextStatementRef"
               type="anyURI" maxOccurs="unbounded"/>
    </choice>
  </complexType>
</element>
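The slide lists the three AuthnContextComparison values but not what an SP does with them. The code below is an added example, not part of the deck or of any Liberty or Netegrity implementation: it parses the requested class URIs and comparison out of an AuthnRequest built on the schema above and decides whether the class the IdP actually used satisfies the request. The comparison semantics are an assumption taken from the definitions the later SAML 2.0 core specification gives these values (exact: the actual class is one of those requested; minimum: at least as strong as one of them; better: stronger than all of them). The class URIs, their strength ordering, the `lib` namespace URI and the default of "exact" when the comparison element is absent are all placeholders or assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Placeholder for the Liberty 'lib' namespace; the slide shows the prefix only.
LIB = "urn:example:lib"
NS = {"lib": LIB}

# Hypothetical class URIs in strength order, weakest first (constructed for
# this example; a real SP configures its own ranking of the classes it accepts).
CLASS_STRENGTH = [
    "urn:example:ac:classes:Password",
    "urn:example:ac:classes:PasswordProtectedTransport",
    "urn:example:ac:classes:Smartcard",
    "urn:example:ac:classes:SmartcardPKI",
]


def strength(class_ref):
    """Position of a class in the ranking, or None when the SP does not know it."""
    return CLASS_STRENGTH.index(class_ref) if class_ref in CLASS_STRENGTH else None


def context_satisfies(requested, comparison, actual):
    """Decide whether the context the IdP reports ('actual') meets the request.
    Semantics assumed from SAML 2.0: exact = actual is one of the requested
    classes; minimum = actual is at least as strong as one of them; better =
    actual is stronger than all of them. A class the SP cannot rank fails closed."""
    actual_rank = strength(actual)
    if actual_rank is None:
        return False
    if comparison == "exact":
        return actual in requested
    requested_ranks = [r for r in map(strength, requested) if r is not None]
    if not requested_ranks:
        return False
    if comparison == "minimum":
        return actual_rank >= min(requested_ranks)
    if comparison == "better":
        return actual_rank > max(requested_ranks)
    raise ValueError(f"unknown AuthnContextComparison value: {comparison!r}")


def parse_request_context(authn_request_xml):
    """Extract the requested class URIs and the comparison from an AuthnRequest
    shaped like the slide's schema. An absent AuthnContextComparison is treated
    as 'exact' (an assumption; the slide states no default)."""
    root = ET.fromstring(authn_request_xml)
    classes = [e.text.strip()
               for e in root.findall("lib:AuthnContext/lib:AuthnContextClassRef", NS)]
    comparison = root.findtext("lib:AuthnContextComparison",
                               default="exact", namespaces=NS).strip()
    return classes, comparison


def decide(authn_request_xml, actual_class):
    """Full path: parse the request, then compare against the class actually used."""
    requested, comparison = parse_request_context(authn_request_xml)
    return context_satisfies(requested, comparison, actual_class)


# Constructed AuthnRequest fragment (not from any real flow).
SAMPLE_REQUEST = f"""<lib:AuthnRequest xmlns:lib="{LIB}">
  <lib:AuthnContext>
    <lib:AuthnContextClassRef>urn:example:ac:classes:PasswordProtectedTransport</lib:AuthnContextClassRef>
    <lib:AuthnContextClassRef>urn:example:ac:classes:Smartcard</lib:AuthnContextClassRef>
  </lib:AuthnContext>
  <lib:AuthnContextComparison>minimum</lib:AuthnContextComparison>
</lib:AuthnRequest>"""

if __name__ == "__main__":
    print(decide(SAMPLE_REQUEST, "urn:example:ac:classes:Password"))   # False
    print(decide(SAMPLE_REQUEST, "urn:example:ac:classes:Smartcard"))  # True
```

Failing closed on an unranked class matters more than it looks: an IdP can return any URI, and treating an unknown one as "good enough" would let a weaker method through under a minimum or better request.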
4
Liberty AuthenticationStatementType
<element name="AuthnContext" minOccurs="0">
  <complexType>
    <sequence>
      <element name="AuthnContextClassRef"
               type="anyURI" minOccurs="0"/>
      <choice>
        <element ref="ac:AuthenticationContextStatement"/>
        <element name="AuthnContextStatementRef"
                 type="anyURI"/>
      </choice>
    </sequence>
  </complexType>
</element>
When the Service Provider is processing a
<saml:AuthenticationStatement> of
type lib:AuthenticationStatementType and the
saml:AuthenticationMethod attribute is
"http://projectliberty.org/schemas/authctx/2002/05",
the Service Provider MUST refer to the
<AuthnContext> element and ignore the
saml:AuthenticationMethod attribute.
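The processing rule above is mechanical enough to implement directly. The code below is an added example, not from the deck or from any Liberty implementation: for each <saml:AuthenticationStatement> in an assertion it checks the xsi:type and the AuthenticationMethod value quoted on the slide, takes the context from <AuthnContext> when both match, and otherwise reports the attribute. The `lib` namespace URI, the class and statement reference values, and the sample assertion are placeholders or constructed for this example; the decision to reject a Liberty-typed statement that lacks an <AuthnContext> element (rather than fall back to the attribute the slide says to ignore) is a fail-closed choice made here, not stated on the slide.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"     # SAML 1.x assertion namespace
XSI = "http://www.w3.org/2001/XMLSchema-instance"  # XML Schema instance namespace
LIB = "urn:example:lib"                            # placeholder for the Liberty 'lib' namespace
NS = {"saml": SAML, "lib": LIB}

# The AuthenticationMethod value the slide says triggers the AuthnContext rule.
LIBERTY_AUTHCTX_METHOD = "http://projectliberty.org/schemas/authctx/2002/05"


def effective_authn_context(statement):
    """Apply the slide's rule to one <saml:AuthenticationStatement> element.
    Liberty-typed statement with the Liberty method URI: answer comes from
    <lib:AuthnContext>, attribute ignored. Anything else: the attribute is
    the answer. Rule applies but element missing: reject (fail closed)."""
    method = statement.get("AuthenticationMethod")
    xsi_type = statement.get(f"{{{XSI}}}type", "")
    # ElementTree does not resolve prefixes inside attribute values, so only
    # the local part of the xsi:type is compared here; a production parser
    # should resolve the prefix against the in-scope namespace declarations.
    liberty_typed = xsi_type.split(":")[-1] == "AuthenticationStatementType"
    if liberty_typed and method == LIBERTY_AUTHCTX_METHOD:
        ctx = statement.find("lib:AuthnContext", NS)
        if ctx is None:
            raise ValueError("Liberty-typed statement without <lib:AuthnContext>")
        return {
            "source": "AuthnContext",
            "class_ref": ctx.findtext("lib:AuthnContextClassRef", default=None, namespaces=NS),
            "statement_ref": ctx.findtext("lib:AuthnContextStatementRef", default=None, namespaces=NS),
        }
    return {"source": "AuthenticationMethod", "method": method}


def authn_contexts(assertion_xml):
    """Resolve the effective authentication context of every statement in an assertion."""
    root = ET.fromstring(assertion_xml)
    return [effective_authn_context(s)
            for s in root.findall(".//saml:AuthenticationStatement", NS)]


# Constructed sample assertion (not from any real IdP): the first statement is
# Liberty-typed and carries an AuthnContext, the second is a plain SAML 1.1
# password statement.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:xsi="{XSI}" xmlns:lib="{LIB}"
    AssertionID="a1" MajorVersion="1" MinorVersion="1" Issuer="https://idp.example">
  <saml:AuthenticationStatement xsi:type="lib:AuthenticationStatementType"
      AuthenticationMethod="{LIBERTY_AUTHCTX_METHOD}">
    <saml:Subject><saml:NameIdentifier>user@idp.example</saml:NameIdentifier></saml:Subject>
    <lib:AuthnContext>
      <lib:AuthnContextClassRef>urn:example:ac:classes:Smartcard</lib:AuthnContextClassRef>
      <lib:AuthnContextStatementRef>https://idp.example/authctx/smartcard</lib:AuthnContextStatementRef>
    </lib:AuthnContext>
  </saml:AuthenticationStatement>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>user@idp.example</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for ctx in authn_contexts(SAMPLE_ASSERTION):
        print(ctx)
```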
5
SAML 1.1 AuthenticationMethod
SAML 1.1 core, Section 7 (SAML-Defined Identifiers),
7.1 Authentication Method Identifiers:
  • 7.1.1 Password
  • 7.1.2 Kerberos
  • 7.1.3 Secure Remote Password (SRP)
  • 7.1.4 Hardware Token
  • 7.1.5 SSL/TLS Certificate Based Client
    Authentication
  • 7.1.6 X.509 Public Key
  • 7.1.7 PGP Public Key
  • 7.1.8 SPKI Public Key
  • 7.1.9 XKMS Public Key
  • 7.1.10 XML Digital Signature
  • 7.1.11 Unspecified
6
  • Identification: Characteristics that describe
    the processes and mechanism the identity provider
    uses to initially create an association between a
    Principal and the identity (or name) by which
    the Principal will be known.
  • Physical Protection: Characteristics that specify
    physical controls on the facility housing the
    identity provider's systems (for example, site
    location and construction, access controls).
  • Operational Protection: Characteristics that
    describe procedural security controls employed by
    the identity provider (for example, security
    audits, records archival).
  • Technical Protection: Characteristics that describe
    how the secret (the knowledge or possession of
    which allows the Principal to authenticate to the
    identity provider) is kept secure.
  • Authentication Method: Characteristics that
    define the mechanisms by which the Principal
    authenticates to the identity provider (for
    example, a password versus a smartcard).
7
<complexType>
  <sequence>
    <element ref="ac:Identification" minOccurs="0"/>
    <element ref="ac:TechnicalProtection" minOccurs="0"/>
    <element ref="ac:OperationalProtection" minOccurs="0"/>
    <element ref="ac:AuthenticationMethod" minOccurs="0"/>
    <element ref="ac:GoverningAgreements" minOccurs="0"/>
    <any namespace="##any" minOccurs="0"
         maxOccurs="unbounded" processContents="lax"/>
  </sequence>
  <attribute name="ID" type="ID"/>
</complexType>