1. Home
  2. Lainnya

Local STS as IdP Default Case

OGC 07-118r9 28 Copyright © 2014 Open Geospatial Consortium

6.4.3.1 Local STS as IdP Default Case

In this use case, the RST with password is used; it contains no IdP identifier, so the authentication is performed locally by the STS itself. 9 Figure 5: Local STS as IdP Default Case Scenario: 1. The RST with password is sent to the STS using SOAP over HTTPS 10 . 2. The STS verifies the identity in the local user registry. 3. The STS creates a SAML token using attributes retrieved from the user registry. The SAML token is created containing assertion of the authentication and assertions regarding the attributes of the user. 4. The STS signs the SAML token using its private key. 5. The STS encrypts the SAML token with the Relying Partys public key see subsection 6.4.1.1 for the process of key retrieval. 6. The RSTR containing the signed and encrypted SAML token is returned to the Client using SOAP over HTTPS. 9 For people having read versions of the present document anterior to 0.3.0, the use case shown here unifies former use cases 1 and 3. The previous approach made a distinction between Federating IdP use case 1 and External IdP use case 3, although the RST protocol was the same. Further analysis has shown that this distinction is not relevant for the scope of the present Best Practice. 10 The HTTPS encryption mechanism protects against password disclosure in the communication channel. It is assumed, however, that the client takes the necessary steps to protect the password on his side. OGC 07-118r9 29 Copyright © 2014 Open Geospatial Consortium The client is unable to decrypt the content of SAML token present in the received RSTR; only the Relying Party can decrypt the SAML token using its private key. Example RST with password: ?xml version=1.0 encoding=UTF-8? wst:RequestSecurityToken xmlns:wst = http:docs.oasis-open.orgws-sxws- trust200512 xmlns:wsse = http:docs.oasis-open.orgwss200401oasis-200401-wss- wssecurity-secext-1.0.xsd wst:TokenType http:docs.oasis-open.orgwssoasis-wss-saml-token-profile-1.1SAMLV1.1 wst:TokenType wst:RequestType http:docs.oasis-open.orgws-sxws-trust200512Issue wst:RequestType wsse:UsernameToken wsse:Username JohnDoe wsse:Username wsse:Password MyPassword wsse:Password wsse:UsernameToken wst:RequestSecurityToken

6.4.3.2 Delegate STS as IdP

Dokumen yang terkait

GML 3.1.1 Application schema for Earth Observation products

0 0 94

OGC® Web Services Facade for OGC IP Engineering Report

0 0 12

OGC® Web Coverage Service 2.0 Interface Standard - Earth Observation Application ProfileWCS EO

0 0 79

OGC Service for Earth Observation Products Best Practice

0 0 71

OGC RESTful encoding of OGC Sensor Planning Service for Earth Observation satellite Taskingrest-sps-for-eo-tasking

0 0 117

OGC RESTful Encoding of Ordering Services Framework For Earth Observation Products

0 0 243

User Management for Earth Observation Services

0 0 83

OGC® Catalogue Services Standard 2.0 Extension Package for ebRIM Application Profile: Earth Observation Products

0 2 147

Prototyping User Interfaces in HyperCard

0 0 53

Monitoring and Metering User Interfaces

0 0 6