Comments on Oracle Fusion Middleware Security: SAML, REST, smart phones and you

Chris Johnson (Oracle), 2010-09-14T14:53:02.902-07:00

@Pradeep and Johnny: Android doesn't have a SOAP stack so there aren't any SAML related APIs in Android. The customer above was going to have to make all of their own code to grab the SAML assertion from the initial call. They were then going to send it using a custom, proprietary method.

As for not entering their credentials in the client - perhaps something like OAUTH would do? That would allow the user to authorize a single device and software client without having to enter the credentials in the thick client. You'd still have to wire that into WebLogic or whatever you are using for your login system, but that's probably easier than the SAML solution above.

Reach out to me by email if you'd like to discuss in detail - Christopher dot Johnson at Oracle dot com.

Anonymous, 2010-09-14T13:44:22.190-07:00

I'd like to second Pradeep's question and ask another one of my own.

I'm currently stuck very much in a scenario like the one that you described, but our business partners don't want to enter our SSO credentials directly in the fat client (which is owned by the vendor).
Do you have any thoughts on how to solve this issue?

Thanks.

Unknown, 2010-07-17T11:22:27.459-07:00

We are also developing a thin client which sends the SAML assertion to the websites to prove user identity. Could you please let me know specifics of the libraries used in Android for SAML?

Unknown, 2010-05-19T09:05:35.901-07:00

While the SAML (2.0) spec is all powerful, we have encountered a significant limitation in the Weblogic implementation. With Weblogic 10.3 (or 10.3.x), additional attributes are not supported, and instead one needs to rely on Groups or some other customized way to communicate additional information between IdP and SP. Hopefully customized attributes will be supported soon in future WLS releases.