SAML for HTTP binding

I have a web service with SOAP binding and a SAML token being passed to it. Is there any standard practice to apply SAML to HTTP binding also? Could you propose any alternative?

(I need HTTP binding because I want to use KVP requests and the image/jpg MIME type.)

Answers


If you're asking how you authenticate an HTTP request with a SAML token, the general answer is you don't. You authenticate to the service with a SAML token and then hand out a cookie for the HTTP request. At least, this is how it is done for end users.

If you're doing something with an API (e.g. a REST API), then you do something similar but without the cookie. You make an API call to authenticate, hand it a valid SAML token, and this gives you a key, and you use those keys to sign (HMAC) the entire request. This can be done in the Authorization header (which is the correct way to do it) or appended as a parameter. The server checks the validity of the signature/HMAC on the message and, if valid, executes the API call.

This is a long discussion of techniques. This is an MSDN article on doing so. Although it's for C#, not Java, the section on Security Considerations is directly applicable and the best I've found in some short googling.
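The signing scheme described in the answer above, as an added example that is not part of the original answer: a client signs a KVP GET request with a key it received after presenting its SAML token, and the server verifies it. The header layout (`HMAC-SHA256 keyid=...,ts=...,sig=...`), the key store, and the five-minute freshness window are assumptions made for illustration; the example covers method, path, query and timestamp only, since a KVP GET carries no body.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

# Constructed sample: key the service issued after validating the SAML token.
SESSION_KEYS = {"key-1": b"constructed-secret-issued-after-saml-login"}


def canonical(method, path, query, timestamp):
    """String both sides sign: method, path, sorted KVP pairs, timestamp."""
    pairs = sorted(parse_qsl(query, keep_blank_values=True))
    return "\n".join([method.upper(), path, urlencode(pairs), str(timestamp)])


def sign(key_id, method, path, query, timestamp):
    """Client side: build the Authorization header value for one request."""
    mac = hmac.new(SESSION_KEYS[key_id],
                   canonical(method, path, query, timestamp).encode(),
                   hashlib.sha256).hexdigest()
    return f"HMAC-SHA256 keyid={key_id},ts={timestamp},sig={mac}"


def verify(header, method, path, query, now=None):
    """Server side: True only for a fresh request with a valid signature."""
    now = time.time() if now is None else now
    try:
        scheme, params = header.split(" ", 1)
        fields = dict(p.split("=", 1) for p in params.split(","))
        key = SESSION_KEYS[fields["keyid"]]
        ts = int(fields["ts"])
        sig = fields["sig"]
    except (ValueError, KeyError):
        return False  # malformed header or unknown key id
    if scheme != "HMAC-SHA256" or abs(now - ts) > MAX_SKEW:
        return False  # wrong scheme, or stale request (limits replay)
    expected = hmac.new(key, canonical(method, path, query, ts).encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), sig.encode())
```

Sorting the key-value pairs before signing means a proxy or client library that reorders query parameters does not invalidate the signature, while any change to a parameter value does.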

