Shibboleth is a single sign-on implementation based on the SAML standard. http://shibboleth.net/products/
Introductions to SAML2:
1. SAML in my eyes
2. OASIS official documentation
A few words about SAML:
In SAML2 's web SSO (browser-based single sign-on, excluding app user authentication) model, there are two important roles: Service Provider (SP) and Iden
the Social Security card: when we go to the hospital to see a doctor, we need to present an ID card to get a visiting card. After the staff at the card desk verify your ID card, your personal information is written onto the card. When you go to a doctor's office, the doctor scans your visiting card to get all your information. This visiting card is equivalent to a token in claims-based authentication; each piece of information on the card is a claim.
The visiting card has two characteristics: (1) it c
communicate in one direction, and the same lease can be sent repeatedly to the receiver by the issuer. Even if the issuer occasionally fails to send a lease, this is simply resolved by re-sending it.
Machine downtime has little effect on the lease mechanism. If the issuer goes down, the
must send a message in the Request Security Token (RST) format and receive the reply in the RST Response (RSTR) format. In this section, assume that the issued token is a Security Assertion Markup Language (SAML) 1.1 or SAML 2.0 token.
Figure 15-4 shows the core content of RST and RSTR when the active token is issued.
Figure 15-4 Token issuance of the active joint scheme
As shown in t
URL
/j_spring_security_check
Username/password authentication, checked by UsernamePasswordAuthenticationFilter
/j_spring_openid_security_check
Checked by OpenIDAuthenticationFilter; receives the authentication information returned by the OpenID provider
/j_spring_cas_security_check
CAS authentication, handled on return from the CAS SSO login
/j_spring_security_login
When the automatically generated login page is configured, the URL that Defaultloginpa
data/node role and so on remains valid and does not change. Features of the lease mechanism:
The lease issuance process only requires that the network can communicate in one direction, and the same lease can be sent repeatedly to the receiver by the issuer. Even if the issuer occasionally fails to send a lease, this is simply resolved by re-sending it.
Machine downtime
different applications using the same account in the card.
5F36
Trading Currency Index
Implied decimal position from the right of the transaction amount, as specified by GB/T 12406-1996
5F50
Issuer Line URL
Stores the location of the issuing bank's server on the Internet
5F57
Account Type
Identifies the type of account selected in the tran
, and the other can bind the public key and its related information to the declared owner in a trusted way. This is the certificate mechanism. The certificate is an authoritative document in e-commerce. The certificate issuer must be trustworthy: certificates are issued by authoritative, trusted, and impartial third-party organizations. Certificates are the security mechanism that ensures PKI identity authentication, integrity
When generating the certificate
Code as follows:
geekso.save_key('jb51.net-private.pem', callback=passphrase)  # encrypt the private key with the passphrase callback before writing it
When using the certificate
Code as follows:
readrsa = RSA.load_key('jb51.net-private.pem', passphrase)  # decrypt and load the private key with the same passphrase callback
Second, generating the certificate the X.509 standard way
1. Generate the certificate, the public key file, and the private key file
Code as follows:
import time
from M2Crypto import X509, EVP, RSA, ASN1
def i
bidding and procurement, Online Signing, online office, online payment, online tax, and other online security electronic transaction activities.
The format of the certificate generally adopts the X.509 international standard. At present, the digital certificate certification center mainly issues Security Email certificates, personal and enterprise ID certificates, server certificates, and code signature certificates.
The digital certificate format follows the ITU-T X.509 international standard. A
This series will introduce Web Services Security-related content, including technologies such as XML Signature, XML Encryption, SAML, WS-Security, and WS-Trust. In this series of articles, I will focus on the principles and my personal understanding of the related technologies. In Microsoft's continuously updated WSE series, security is an important part; where possible, WSE will be used alongside the principles for some technical practice.
Web Servi
VMware Identity Manager (vIDM) is a powerful identity management system developed by VMware. With it, users get single sign-on to enterprise-class applications (including SaaS, virtual applications and desktops, native mobile applications, Windows 10 applications, and so on), a self-service app store, multi-device support, policy-based access control, and more. In a nutshell: customers can use the system to access applications or data in a private data center or on a public cloud platfor
.
The issuer signs this digital certificate with its own private key. The issuer is called the certificate authority (CA).
Let's look at an X.509 digital certificate:
stealth@lydia:sslmim> ./cf segfault.net 443 | openssl x509 -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=EU, ST=segfault, L=segfault,
                O=www.segfault.ne
/**
 * @author ifwater
 * @version 1.0
 */
/* The CA should use its own private key to issue a digital certificate. The CA's certificate does not contain information about the private key, so the key must be extracted from the keystore mykeystore. In addition, since the issued certificate also needs to carry the name of the CA, this can be obtained from the Xa certificate. Issuing a certificate is actually creating a new certificate. Here, the sun.security.x509.X509CertImpl class creates
certificate, such as the RSA algorithm; the name of the certificate issuer (CA), usually in X.500 format; the validity period of the certificate (current certificates generally use the UTC time format, with a range from January 1, 1950 to January 1, 2049); the name of the certificate owner, usually in X.500 format; the public key of the certificate owner; the certificate authority (CA) digitally
The DS smart card is a CPU card product developed by Philips. Early chip manufacturers widely developed and promoted their own COS (card operating system); now Infineon (formerly Siemens Semiconductor) and the former Philips Semiconductors seldom promote their COS and most of the time focus on promoting their chips.
Philips's DS smart card COS integrates the ISO 7816 and ETSI specifications (that is, the SIM card specifications), and adopts a password verification method similar to that of a SIM card in terms
Author: seven nights. Source: http://blog.chinaunix.net/space.php?uid=1760882&do=blog&id=93117
We all know that large portals such as NetEase and Sohu have the concept of a "pass". This pass system is the "single sign-on system" discussed today. Its main feature is that multiple sites share one user center: after logging in once, the user is automatically logged in to the others, and logging out works the same way. For example, if we log in to the mailbox at 126 and then go to 163.com, we are already shown as logged in. It's like building
The section above describes why Microsoft Passport and traditional SSO fail at the software-architecture level. Both require the user name and password to be stored in one place, and no one is willing to do that unless one side is particularly strong; otherwise, neither Google nor Baidu is willing to compromise.
So how can we solve the storage problem of this user credential?
Let's take a look at the major European Schengen agreements. The Agreement sets out a single visa policy, that is, where a for