About inankanbur

inankanbur · 11-23-2018

Hi,We receive a SAML assertion from an identity provider, which do no contain element. As far as I can see that should be ok as the SAML2 spec does not require the use of (Section 5.4.5). Nevertheless, the Validate SAML Policy fails verifying the s...

inankanbur · 11-10-2021

We had to drop the nodejs solution and switch to a Java callout instead. This is probably a rare case that you would have to use a custom solution for SAML verification rather than the built-in policy, but, in case anyone does, below is some piece of...

inankanbur · 10-14-2021

A Preflight request, which is an HTTP OPTIONS request, is automatically fired by the browser to check with the server if the HTTP method which is about to be used as well as any non-CORS-safelisted request headers are ok with the server.It includes t...

inankanbur · 10-13-2020

Can it be slightly better to use something other than the client id as the KVM key, like a custom app attribute? Client id may change due to expiry or revocation, and if you use a custom attribute then you'd not need to update the KVM up on client id...

inankanbur · 05-11-2020

If a client is using a JWT to get an access token on behalf of itself, grant_type should still be "client_credentials", where the JWT should be supplied in the "client_assertion" parameter with the "client_assertion_type" parameter being set to "urn:...

inankanbur · 01-08-2020

Hi,As far as I understand, SSO_SAML_SERVICE_PROVIDER_KEY and SSO_SAML_SERVICE_PROVIDER_CERTIFICATE are used when IdP is talking SAML. In that case, the metadata is available at http(s)://ssohost:ssoport/saml/metadata. IdP can download the provider ce...

My Stats

dan_bryan_alph's Bio

Badges inankanbur Earned

Recent Activity

How to validate a SAML assertion with no KeyInfo

Re: How to validate a SAML assertion with no KeyInfo

Re: Preflight request with OAUTH

Re: Dynamically pickup KVM depending upon consumer.

Re: Refresh token using client credentials

Re: Explanation of apigee-sso SAML service provider certificate