2 votes

Integration with multiple SSO's

There are two options: Some SSO providers allow you to go through them to integrate with other SSO providers. Your application would only deal with one provider and one data format. Through ...
Thomas Owens • 85.9k
2 votes

Integration with multiple SSO's

The auth process needs some way of telling which provider to use. But you don't need three sites. Just three URLs. Deploy the site with multiple domain name bindings and read the URL the client is ...
Ewan • 84.4k
2 votes
Accepted

Why do we need to validate the SAML Response that came from IdP? (unless you are using http)

Here is the SAML flow: The user accesses the remote application using a link on an intranet, a bookmark, or similar and the application loads. The application identifies the user’s origin (by ...
Ewan • 84.4k
2 votes
Accepted

Should an Identity Provider be a separate web application than a Authentication system

Keep them separate because then it is easier to establish that they are each secure. For example, an injection defect in one cannot then compromise the other. An IdP should be on separate hardware ...
Hugh Morris
1 vote

Best way to store Session token on mobile App

Store them as Shared preference. Those are by default private, and other apps cannot access them. On a rooted device, if the user explicitly allows access to some app that is trying to read them, ...
Ishan Shah
1 vote

How to secure web services when authentication is done at client side (frontend)

That webapi without authentication is a security risk. As you are already using SAML look into the Wikipedia page as a starting point. On the graphic at the bottom your webapi is the service provider
Miyamoto Akira

Only top scored, non community-wiki answers of a minimum length are eligible