What kind of assertion debug tool did you find?
You'll need first to make sure you are posting the entire message as the
bank instructed, the entire HTML post, not just the SAML.
After that the only thing you can do is to see if your SAML assertion is in
a good SAML/XML format, with all required SAML elements. You'll need to talk
to your bank folks; they normally have detailed debug info in their logs.
Normally we don't expose these details for security reasons.
Not particularly familiar with OpenSAML. But from its web site, it says it
is just a library and does not provide a complete SAML identity provider (IdP) or
service provider (SP). You'll need an IdP and an SP to get things working.
SAML itself is a fairly complicated process; there are at least five or six
steps behind the scenes between clicking the SSO link and the landing page. I
found Wikipedia has a good explanation of SAML. Google also provides some SSO
APIs. PingIdentity is a decent vendor with good documentation.
Assuming the bank is the SP, they should tell you what URL you should post the
SAML assertion to, the URL of the landing page (optional), and the attributes used
within SAML (assuming you are using browser POST). You two also need to
exchange certificates for encryption and signature purposes.
Don't know mFoundry; however, SAML is a standard, and the point of using a standard
is to have a vendor-independent solution. I can't think of a reason you
have to use mFoundry.
In PingFederate server, you can set up a Id
Now we meet a new problem. Our system is very old and still uses Java 1.4. The
SAML I just created uses opensaml-2.3.3.jar, which is supported by Java 1.5. I
have to go back to opensaml-1.1.jar, which is supported by Java 1.4.
Using org.opensaml.SAMLResponse in opensaml-1.1b.jar to create assertion
responses. The assertion response looks like: ......
1. You are supposed to return the above HTML to the client browser as the
result/response when the user clicks the SSO link. The browser will POST the data
to the bank site by .
2. The value of SAMLResponse is the base64-encoded and URL-encoded SAML assertion.
A SAML assertion uses XML. You should be able to read it and understand the
structure.
3. You are not sending the keystore; you are supposed to send the public key file.
The keystore is where Java reads keys f
Why don't you just use some open-source SAML framework, so you can focus more
on business requirements? It'll be painful to manage federation partners
when the business grows.
A Paradigm of Theological Education: Must-Read Book List for Seminary Students
A CLASSIC SEMINARY EDUCATION:
My Recommended Reading List
What the 21st century longs and needs to see are Christians and
churches who have a message to proclaim. Do you know what you believe? Building
one's own theological foundation is a lifetime task. It may involve going to
seminary, or it may not. Not everyone has that opportunity. Sadly, very often
a seminary degree does not mean a solid foundation in the doctrines of the
Bible. However you can launch ou...
It is easier said than done. He thought DOS worth the investment and he
made it big. He also hired people to write Windows code and made it popular
with legal means. He has vision too.
If you can see the potential and do something, you would be Bill Gates too.
The same as Chairman Mao: he never fought with a gun at the frontline (if
he did, he would have been killed long ago), but he knew who he should hire and
HU-YOU others to die for his agenda. He succeeded and became a winner and
fucked a lo...
If you have been following up with things you might not be surprised that we
have multiple software engineer positions here at Yahoo again! The openings
are mainly for the Y! Membership team, which is in charge of all Y! account
life cycle management. The job duties include but are not limited to: large
scale system design, implementation and maintenance; concurrent programming;
web development using C/C++/PHP; Hadoop programming, etc. Whether you are a
freshly graduated/graduating student looking fo...
I have been working in the application security industry for a year, and I am still a
newbie :-) But I love to share my $0.02.
Knowledge and skill sets:
If you are working in web security:
* Web technology stack, from the most basic principles like the same-origin
policy to the latest technology like postMessage, WebSocket etc.
* OWASP Top 10 Web Security Vulnerabilities
* Applied crypto. How to generate a PRNG? How to store customers' passwords?
What crypto algorithms/libraries are you going to suggest d...
Simply from Wiki:
Application security encompasses measures taken throughout the application's
life-cycle to prevent exceptions in the security policy of an application
or the underlying system (vulnerabilities) through flaws in the design,
development, deployment, upgrade, or maintenance of the application.
Applications only control the use of resources granted to them, and not
which resources are granted to them. They, in turn, determine the use of
these resources by users of the application t...
send your resume to charlesriver2010 AT yahoo.com
software engineer 2(master or fresh graduate with 1/2 years is ok)
Location: San Jose, CA
Team:
As part of the Trust and Identity team in eBay you will work on
products relating to Identity Services (Authentication,
Authorization, User Management, Identity verification
and Web Services security), Device Fingerprinting,
Account linking/entity resolution, and ID Federation
protocols (OAuth, SAML, WS-Security, OpenID, SCIM).
You will build and su...
If interested, please send me your email by site message.
Job Description
FICO Identity Resolution Engine (IRE) is a leading entity resolution and
link analysis software solution. Using enterprise and third-party data,
FICO Identity Resolution Engine discovers social network relationships
between people, entities and activities and provides actionable fraud
analytics.
IRE is put to use in numerous industries across both public and private
sectors, to target the detection of organized fraud rings, financial crimes
through bust-out fra...
[The following text is reposted from the JobHunting board]
Sender: choosewhat (first half of life depends on luck, second half on character), Board: JobHunting
Subject: Application Security space in a nutshell
Posted from: BBS Weiming Space (Mon Dec 10 16:18:35 2012, US Eastern)
Simply from Wiki:
Application security encompasses measures taken throughout the application's
life-cycle to prevent exceptions in the security policy of an application
or the underlying system (vulnerabilities) through flaws in the design,
development, deployment, upgrade, or maintenance of the application.
Applications only cont...
It is not a small sample. I have up to 1.2k hands for some of the regulars in
NL 25; most have at least 100 hands. Read your data with care, of course, if
the sample size is small. Even if the sample size is big, you still need to
be careful reading the data.
For example,
if you are on the button, raise 3X with JJ, the SB who 3-bets 8% 3-bets you to 9X and you
know he is a regular 3-bettor so you 4-bet to 18X, and he shoves all in for 100X bb,
you need to be very careful here. He 3-bets 8% but it does not mean he will
5 b
OTHER TYPES OF BIBLICAL STUDIES PUBLICATIONS
There are some other books in the field of Biblical studies: a good
Bible atlas may be very helpful. Increasingly there are Chinese books published
(written by Chinese authors) on textual criticism; Greek and Hebrew textbooks;
Greek and Hebrew Bibles; concordances based on the original languages,
concordances based on the English or Chinese Bible, and verse-by-verse
interpretation of the original text (e.g. by A.T. Robertson). ...
TEXTBOOKS ON SYSTEMATIC THEOLOGY
Of the Reformed systematic theology textbooks published in the 20th century, the
most typical is Berkhof's Systematic Theology, which unfortunately has not yet
been translated into Chinese.
For many years, the standard Reformed textbook has been Louis Berkhof,
Systematic Theology (Carlisle, PA: Banner of Truth, 1939; reprinted in numerous
editions). The contemporary edition has included another work, formerly called
The Introductory Volume, along with Systematic Theology. You should buy this
combined one-volume edition whenever possible! It is well worth the US $35-
40 investme...
SYSTEMATIC THEOLOGY: THEMES
Doctrine of the Knowledge of God / Doctrine of Revelation / Doctrine of
Scripture
John Frame, The Doctrine of the Knowledge of God (Phillipsburg, NJ:
Presbyterian and Reformed, 1987). Translation into Chinese in progress, China
Horizon.
This is a contemporary Reformed textbook on the doctrine of revelation that is
firm in its position, clear in its reasoning, and takes a gentle attitude toward
evangelicals outside the Reformed camp. The author studied logic at Yale,
taught for many years at Westminster Theological Seminary (the Philadelphia main
campus and the California campus), and in recent years has been professor of
systematic theology at Reformed Theological Seminary.
In Fundamentalism and the Word of God, Packer defends the authority of Scripture
and also deals with the relationship between faith and reason. The book was
written in response to a liberal Anglican bishop's attack on fundamentalists in
the 1950s. Therefore...
Passing on theology, also called "doctrine" (dogma), is a task every generation
of the church must shoulder. The work of orthodox theology is to organize the
results of orthodox exegesis and to state the overall teaching of the whole
Bible on a given question (what does the whole Bible say about an issue).
Throughout 2000 years of church history, every orthodox faith has been based on
God's revelation in the Bible. There is only one orthodox faith. Then why does
every generation of the church need to proclaim theology anew, re...
Don't use session. It will work, but it's not the best practice.
I strongly suggest anybody who wants to learn .NET to check out the IBUYSPY
sample. It's the best sample I've seen so far.