Daniel IT Blog: 2013

Voir:

This element provides the means for a relying party to verify the correspondence of the subject with the party with whom the relying party is communicating. This is important for guarding against replay attacks, where an unauthorized user takes a SAML assertion from an earlier trapped message and reuses it for another message with a different SOAP body.

First definition from the standard:

bearer: the relying party will allow any party that bears the assertion. No specific steps are taken to establish the relationship. Protection of the SOAP message, if required, must be performed using a transport level mechanism or another security token, such as Kerberos, for message level protection
holder-of-key: the relying party will allow any party capable of demonstrating knowledge of specific key information to use the assertion
sender-vouches: the relying party will use other criteria in determining which parties should be allowed to use the assertion. The SAML token contains insufficient data for the relying party to trust the incoming message. The relying party must perform an additional verification step to confirm that the SAML token is trustworthy. The attesting entity, presumed to be different from the subject, vouches for the verification of the subject. An attesting entity uses the sender-vouches confirmation method to assert that it is acting on behalf of the subject of SAML statements attributed with a sender-vouches SubjectConfirmation element.

Other definition from this blog article:

holder-of-key: for this confirmation method, the outgoing soap envelope has been signed by the SOAP client. The STS (Secure Token Service, the SAML token/assertion generator) takes the public key of the SOAP client and places it in the SAML token it is creating, and signs the token with its own private key. Next, the SOAP client adds that SAML token to the SOAP header and constructs the SOAP body, signs it with its own key, and makes a SOAP client call. The web service provider validates that the SAML token came from an STS that it trusts (doable because the STS signed the token), and using the public key of the SOAP client within the SAML token, validates that the SOAP message as a whole came from that client.

The holder-of-key method is best when the SOAP client request is not yet available, e.g., if the SOAP client requests the SAML token and then creates the rest of the SOAP envelope. By placing the SOAP client's public key in the SAML token and subsequently signing it, the STS can vouch for whatever that SOAP client may wish to subsequently sign
sender-vouches: here, a user is authenticated with an intermediary using another mechanism such as username/password. After this is done, the intermediary requests a SAML token from an STS, a separate web service. The SAML token will contain the user's identity but, unlike the HOK method, no key information. The STS signs the assertion and sends it back to the intermediary, which in turn signs the assertion (again) and the rest of the SOAP request and finally sends the request to the web service provider. Here the intermediary is doing the vouching for the user by signing both the assertion and the SOAP body. To trust that the user has been authenticated, the web service provider must have a trusted relationship with both the intermediary and the STS. After validating the SAML assertion, the web service provider generates the response and sends it back to the intermediary, who forwards it on to the client.

Other definition from this blog article:

Subject confirmation methods are how a relying party (RP), in other words the end service, can make sure a particular security token issued by a Security Token Service (STS), is brought by the legitimate subject. If this is not done, a third party can take the token from the wire and send any request it wants including that token. RP will trust that illegitimate party. Following discuss these three methods.

The common aspect is, obviously, RP should always trust the STS.

bearer: this is actually not a confirmation method. Subject confirmation is not needed! The RP simply trusts whoever brings the token.
holder-of-key:

The STS includes the public key of the client inside the security token and signs it
Then before sending, the client itself signs the request
When the RP receives the request, it first validates the STS signature and then validates the client's signature with the public key embedded inside the token

sender-vouches:

Rather than authenticating with the STS, the client authenticates with an intermediary
The intermediary gets the security token from the STS
Then it signs the request and sends it to the RP
The RP trusts both the intermediary and the STS. So, it validates both of them.

Note:

If present, the <saml:SubjectConfirmation> element occurs within the subject element, and defines one or more methods (i.e., <saml:ConfirmationMethod> elements) by which the statement may be confirmed and will include a <ds:KeyInfo> element when any of the specified methods are based on demonstration of a confirmation key. The <saml:SubjectConfirmation> element also provides for the inclusion of additional information to be applied in the confirmation method processing via the optional <saml:SubjectConfirmationData> element

Daniel IT Blog

Friday 8 November 2013

Project Phases

Friday 25 October 2013

WebLogic JMS

Tuesday 15 October 2013

X Window Forwarding

Monday 7 October 2013

SAML SubjectConfirmation

Monday 13 May 2013

Putty with X Terminal and Much More

Thursday 11 April 2013

SMTP Relayer

Thursday 10 January 2013

Remove SOA Domain

Wednesday 9 January 2013

Oracle SOA Suite Installation on Windows 7 64 bits