authentication - LDAP vs SAML Authorization


I'm investigating moving an asset tracking system from LDAP to SAML. There are 2 main areas where our software uses LDAP. The first is authentication. In order to access the system today you need to authenticate with LDAP and be a member of a specified LDAP group. That part is simple to move over to SAML. We've utilized a library to handle the dirty work. And on the IdP we can add a claim to authorize the user. Our second use of LDAP is throwing me for a loop.

Today, each asset we maintain has the ability to be linked to a username. For example, a particular printer may belong to 'someuser'. One of the options our software gives the administrator is to view/interact with assets based on LDAP user groups. As an administrator, I may want to update the printers owned by people in a particular department. To accomplish this, the administrator would create a rule scoped to the LDAP group 'departmentinquestion'. Our software would then use a service account to connect to LDAP, create a query to see which users from our system are in 'departmentinquestion', execute it, and use the results to determine which assets to update.

So far in my searching I have not been able to find a SAML workflow analogous to this. It appears the opportunity we have to assess 'someuser' is when they authenticate and we access their claims. In our workflow 'someuser' may never authenticate with us. It's as if we're authorizing a user on behalf of the service account. Is there an existing workflow I've overlooked during my exploration? Are there other technologies that support authorization in this manner?

Thanks for any input!

SAML is like a passport or a visa. It has (trusted) information about you that can be used to know who you are (e.g. name, DOB) and infer what you can access (e.g. entrance to a country). You can use properties in the token to query other systems for additional information you might be associated with (e.g. a bank statement).

So, analogously, SAML is typically used to authenticate users to a system (once you trust its origin), but there are no provisions for managing user profiles, or 'resources'.

Authorization decisions, if any, are made based on attributes associated with the user (e.g. the group the user belongs to) and conveyed in claims in the security token.

Perhaps the 1st question to answer is why you want to move away from LDAP and are thinking of SAML. Is it because you want to accept users logging in with their own credentials? Is it because you want to get rid of the LDAP server altogether?

You could keep the LDAP server for managing the resources associated with users, and authenticate users somewhere else. That is what you have now. You would correlate users "outside" and "inside" via a common attribute (e.g. username, or ID).

If you want to get rid of LDAP altogether, you'd need someplace else to store that information (e.g. the app database).
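
The approach suggested in the answer (keep LDAP for group lookups, correlate owners on a common attribute) as an added example; it is not part of the original answer or the asker's software. It assumes the directory exposes `memberOf` and `uid`, and `search` is a hypothetical callable wrapping the service-account query; values from the rule and the asset table are escaped per RFC 4515 before they enter the filter.

```python
# Added example. All names and data are constructed; `memberOf` and `uid`
# are assumptions about the directory schema.
from __future__ import annotations
from typing import Callable, Iterable

def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def membership_filter(group_dn: str, usernames: Iterable[str]) -> str:
    """Filter matching only the tracked users who are members of group_dn."""
    users = "".join(f"(uid={escape_filter_value(u)})" for u in sorted(set(usernames)))
    return f"(&(memberOf={escape_filter_value(group_dn)})(|{users}))"

def assets_for_group(group_dn: str, assets: dict[str, str],
                     search: Callable[[str], list[str]]) -> list[str]:
    """Return the ids of assets whose owner is a member of group_dn.

    `assets` maps asset id -> owner username, the common attribute that a
    SAML NameID would also carry. `search` is a hypothetical callable that
    runs the filter under the service account and returns matching uids.
    Owners never need to have authenticated for this lookup to work.
    """
    owners = {o.strip().lower() for o in assets.values() if o.strip()}
    if not owners:
        return []  # an empty (|) clause is not a valid filter
    found = search(membership_filter(group_dn, owners))
    members = {u.strip().lower() for u in found}
    return sorted(a for a, o in assets.items() if o.strip().lower() in members)

if __name__ == "__main__":
    # Constructed data: 'someuser' owns a printer but has never signed in.
    demo_assets = {"printer-1": "someuser", "printer-2": "otheruser"}
    fake_directory = lambda flt: ["SomeUser"]  # stand-in for the LDAP search
    group = "cn=departmentinquestion,ou=groups,dc=example,dc=com"
    print(assets_for_group(group, demo_assets, fake_directory))
```
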

