node.js - How can I do secure SAML with multiple tenants? -

-

i'm talking in context of idp-initiated workflow.

i'm using this passport strategy saml. under "security , signatures" heading, suggests providing idp's cert.

this cert inserted when define strategy afaik.

in case of multi-tenant application, have no way of knowing cert use until user attempted log in, , @ point late use cert, wouldn't it?

how can authenticate saml requests multiple tenants if can't know cert use until saml requests come in?

i'm thinking i'd need this:

  1. user sends information identifying tenant they're trying login to
  2. the saml strategy created correct cert.
  3. the saml process starts.

or perhaps i'm thinking wrong, , none of necessary having relatively secure login process?

if question broad, i'd appreciate if left comments me narrow down, or directed me resources should read.

if wasn't clear, i'm storing:

  • the sso url
  • the issuer url
  • the public cert

this information linked tenant, once profile information idp, can identify tenant user should directed to. can use information after tenant identified validate things.

perhaps can use public cert "after-the-fact" validation?

not sure if not familiar passport. said, when have designed multi-tenant saml service provider (sp) identity provider (idp) data flows, implemented idp discovery service prior saml request being issued. in order make idp discovery work there few strategies, 1 seems work best having tenant names in url subdomain, e.g. tenant.yourcompany.com. when url processed in idp discovery service can format saml request idp server. hope helps.


Comments

Post a Comment

Popular posts from this blog

Java 3D LWJGL collision -

-
i making 3d java game lwjgl library, , wondering how add collision detection, player not go through models. i using obj models. here objloader class, loads models: package renderengine; import java.io.bufferedreader; import java.io.file; import java.io.filenotfoundexception; import java.io.filereader; import java.util.arraylist; import java.util.list; import models.rawmodel; import org.lwjgl.util.vector.vector2f; import org.lwjgl.util.vector.vector3f; public class objloader { public static rawmodel loadobjmodel(string filename, loader loader){ filereader fr = null; try { fr = new filereader(new file("res/"+filename+".obj")); } catch (filenotfoundexception e) { system.err.println("couldn't load file!"); e.printstacktrace(); } bufferedreader reader = new bufferedreader(fr); string line; list<vector3f> vertices = new arraylist<vector3f...
Read more

spring - SubProtocolWebSocketHandler - No handlers -

-
i have ugly error during deploying spring app on jboss. 18:11:16,025 error [org.apache.catalina.core.containerbase.[jboss.web].[default-host].[/consumer]] (msc service thread 1-7) exception sending context initialized event listener instance of class org.springframework.web.context.contextloaderlistener: org.springframework.context.applicationcontextexception: failed start bean 'subprotocolwebsockethandler'; nested exception java.lang.illegalargumentexception: no handlers @ org.springframework.context.support.defaultlifecycleprocessor.dostart(defaultlifecycleprocessor.java:176) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.springframework.context.support.defaultlifecycleprocessor.access$200(defaultlifecycleprocessor.java:51) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.springframework.context.support.defaultlifecycleprocessor$lifecyclegroup.start(defaultlifecycleprocessor.java:346) [spring-context-4.1.3.release.jar:4.1.3.release] @ org.s...
Read more

methods - python can't use function in submodule -

-
my folder structure this: pythonstuff/ program.py modulea/ __init__.py foo.py bar.py here's code bar.py : def hello(): print("hello, world!") here's code program.py : #!/usr/bin/env python3 modulea import bar bar.hello() i run $ python3 program.py somehow error: file "program.py", line 3, in <module> bar.hello() attributeerror: 'module' object has no attribute 'hello' edit: __init__.py file empty. edit2: after trying realized had bar.py in root directory contained hello() method. bar.py in modulea/ directory empty. add it import os __all__ = [] module in os.listdir(os.path.dirname(__file__)): if module != '__init__.py' , module[-3:] == '.py': __all__.append(module[:-3]) the init .py files required make python treat directories containing packages; done prevent directories common name, such string, unintentionally hiding v...
Read more