A Developer's Guide to SAML

  Рет қаралды 191,778

OktaDev

OktaDev

Күн бұрын

Пікірлер: 121
@kepler_iii9373
@kepler_iii9373 9 ай бұрын
Okta's technical guides around identity never disappoint!
@joneslt
@joneslt Жыл бұрын
This was fantastic! There are too many people out there attempting to post technical instructional videos who don't really have an in depth understanding of the material, or don't know how to explain it. This was a rare find. Thanks for posting!
@mumk
@mumk Ай бұрын
I totally feel this
@willhu4272
@willhu4272 3 жыл бұрын
It's the best video that explains the whole story of SAML. The extraordinary part is explaining "Most common weak points" start from 17:32!
@beeramkrishnnareddy8846
@beeramkrishnnareddy8846 Жыл бұрын
M A
@pravin24it
@pravin24it Жыл бұрын
Best thing I found on KZbin for SAML security audit. Thank you very much for detailed information about SAML including the flows.
@gregorycook5305
@gregorycook5305 Жыл бұрын
I know this video is old but it's still chock full of information. Thank you for the video sir.
@andresau90
@andresau90 2 жыл бұрын
THE BEST video for developers to keep things secure!
@jongpac2
@jongpac2 7 ай бұрын
This is the best lecture I have seen including school to online tutorials, I love you!!!
@yousifbodagh2113
@yousifbodagh2113 4 ай бұрын
The best video on KZbin covering this topic.
@kolcha
@kolcha Жыл бұрын
Very well organized guide and superbly presented. You are excellent teacher. Thank you.
@JJ89MK12
@JJ89MK12 2 жыл бұрын
Correct me if I'm wrong, but as I understand it SSO only happens when a user performs an Identity Provider Initiation. By providing your credentials to the Identity Provider once, the Identity Provider can send SAML responses toward any application or service you're trying to use. However, if as a user you're required to start the SAML process with the Service Provider first (Service Provider Initiation), then a SAML Request is sent to the Identity Provider who in turn returns a SAML Response. This interaction is only valid for that one, specific Service Provider, not all Service Providers, meaning that you'd have to repeat this login process again for any other application you might want to use. In other words, for any Service Provider that requires you to begin the authentication process with itself first, you're going to be redirected somewhere to provide your login credentials. If you have 3 Service Providers asking to begin the process with each of them, then you're not really participating in a Single-Sign-On experience -- Is this correct?
@maxwellkgalema5568
@maxwellkgalema5568 2 жыл бұрын
That's a good question and I believe the answer is yes, you not participating.
@ShijenN
@ShijenN 2 жыл бұрын
Great question!!! Did you get the answer for this ?
@jano.5485
@jano.5485 Жыл бұрын
Yes and no. If the authentication towards the IdP is also done via SSO (for example Kerberos in a Windows Active Directory environment), then it does not matter how many SAML requests are passed to the IdP, it all happens transparently to the user. At least that is my understanding.
@tech_gadgets_maniac
@tech_gadgets_maniac 2 жыл бұрын
Best ever video on SSO... Simply love it
@LexDaBigG
@LexDaBigG 2 жыл бұрын
Best video on SAML ever! Kind had to grin at 7:02 where he talks about the convenience feature of saml metadata! Real shame that okta lacks the upload SP metadata feature ;-) this is quite standard for other IDPs
@ReviveNRepair
@ReviveNRepair Жыл бұрын
20:58 This could also be mitigated by making sure all the assertions in the SAML response are signed, right?
@vil9386
@vil9386 2 жыл бұрын
understood SAML from developers' view at last.... very easily... thank you 🦃
@dushmanta05
@dushmanta05 Ай бұрын
That was a very good explanation with the security concerns. Thanks.
@jonathanparker1927
@jonathanparker1927 Жыл бұрын
very nice, thanks for taking the time!
@321zipzapzoom
@321zipzapzoom 3 жыл бұрын
Concepts clearly told and upto Point, Could You do couple of more Videos on QnA involving guys to spend some time along revolving around common Usecases specific to Vendors.
@aroundthisprettyplanet
@aroundthisprettyplanet Жыл бұрын
OktaDev videos are the best ever in explaining the concepts! ❤ Would have been much better if you have explained SAML bindings
@OktaDev
@OktaDev Жыл бұрын
Noted! Thanks for your feedback and we are glad that you enjoy our videos.
@AdityaKumar-hy6fo
@AdityaKumar-hy6fo Жыл бұрын
Try this one kzbin.info/www/bejne/iafToYuYpdtga80
@rafaelbraga3d
@rafaelbraga3d Жыл бұрын
Awesome explanation, thanks a lot! Now I understand better this flow!
@OktaDev
@OktaDev Жыл бұрын
Glad it helped!
@hexchad765
@hexchad765 2 жыл бұрын
How would this change when using a CLP (Central Login Page) external to all of this
@MuhammadAwais-m5x
@MuhammadAwais-m5x Жыл бұрын
@OktaDev, In 'Limit the XML Parser" , is the sub heading 'Disable Document Type Definition (DTD) Fetching' wrong and ought to be 'Document Type Definition (DTD) Fetching? ( Felt like that from context )
@jayak3768
@jayak3768 Жыл бұрын
Sir can u clarify that all the SP - IP communication is via client browser and not directly between the two parties. Or is there a back channel between the two parties in addition to the client as the intermediary.
@OktaDev
@OktaDev Жыл бұрын
Thanks for watching the video. All the communication between SP and IdP shown in this video happens through the front channel (browser/user agent).
@murshidav5123
@murshidav5123 3 жыл бұрын
Nice once. The concept is clear now. Can you do a video on SAML + NodeJs
@NTICTECH
@NTICTECH 2 жыл бұрын
hello thanks for the explanation it was very helpful i want to know how to configure a saml with a loadbalancer i had problem that the load balancer doesn't sign on the SPs
@iwayworld3044
@iwayworld3044 Жыл бұрын
Http artifect binding in SAML , can u explain real use case and which kind of attack gets eliminated and how to use it
@suhaibshanaa508
@suhaibshanaa508 2 ай бұрын
How can we dockerize this process? and if each SP has different Data what is the good way to save it rather than clone each project and change the metadata and XML file and so on? Can you help?
@JohnSmith-wz7he
@JohnSmith-wz7he 3 жыл бұрын
Awesome effort . Very good. Thank you for spending the time to make this presentation
@drenyl6491
@drenyl6491 Жыл бұрын
How to generate SAML request xml? Should the developer of the application generate and supply value on the xml tags?
@victorenoma9131
@victorenoma9131 25 күн бұрын
Thank you man. Beautiful piece
@jagdeepsingh-rx7tw
@jagdeepsingh-rx7tw Жыл бұрын
@oktadev is there a difference between calculation digest value for saml version 1.0 and 2.0?
@ahmetcetin3432
@ahmetcetin3432 3 жыл бұрын
Great, beneficial introduction to SAML, thanks!
@728100
@728100 2 жыл бұрын
Great explanations regarding SAML like it.
@sreyas_sj
@sreyas_sj 7 ай бұрын
In a project that I'm working in, I want to redirect the user to Azure for validating the user, for that how do I redirect him to Azure and generate SAML SSO authentication req? How do I generate this XML req in code, didn't find any resources regarding this Any help would be great. Thanks
@shubhamsingh-gb5zh
@shubhamsingh-gb5zh Жыл бұрын
Amazing explanation 🙇‍♂️
@YuliyaTsukanava
@YuliyaTsukanava 11 ай бұрын
Really great explanation! Thank you so much!
@rashidmehraj8542
@rashidmehraj8542 Жыл бұрын
Excellent Video. TBH! i was confused earlier on how to read a SAML response.
@OktaDev
@OktaDev Жыл бұрын
Glad we could help! Please also check out these additional resources: auth0.com/blog/how-saml-authentication-works/ samltool.io/
@travel_and_dine4871
@travel_and_dine4871 Жыл бұрын
Hi sir, but how system is passing the username / email id in request to validate at IDP
@revathiramanadham3843
@revathiramanadham3843 3 жыл бұрын
Best explanation... Thank you.
@ajmags4731
@ajmags4731 Жыл бұрын
This has been very helpful!!!
@dimitro.cardellini
@dimitro.cardellini Жыл бұрын
Really useful video! Thanks a lot
@vipinkoul595
@vipinkoul595 11 ай бұрын
why do we need to have user profile at Service provider? I am under the assumption that all user details are only in IDP, and not in SP. why do we need to have user details in SP? In that case, can't we skip SSO and login directly into SP if SP is also having user details. Doesn't having user details in IDP and SP keep information at two places? Can anyone help explain it, please.
@TedS-yt2yg
@TedS-yt2yg 10 ай бұрын
If you are allowing users to login directly or use IDP, the profile will need to be stored on the SP side. Even if IDP is the only login solution, a minimum of information needs to be stored on the SP side to determine who logged in using the IDP - probably an email address. The email address provided by the IDP needs to match an email address on the SP side. There are alternatives to this as can be seen in the provisioning section.
@Jacobra60
@Jacobra60 2 жыл бұрын
Good video. Could you show viewing and debugging SAML requests/responses in Chrome or FF. Also can you show some examples of claims rules.
@jjrock11
@jjrock11 3 жыл бұрын
Nice work, Nick!
@AbhishekSen
@AbhishekSen Жыл бұрын
Fantastic video!
@smohanty3507
@smohanty3507 3 жыл бұрын
thats what I am looking for..perfect explanation
@gdocs1307
@gdocs1307 3 жыл бұрын
Identity Provider means that all users has to be registered there with actual credentials?
@vishalgarg7102
@vishalgarg7102 3 жыл бұрын
No , Actual credentials are saved in Database . Generally IDP communicate with DB for authentication
@abhishekrai4325
@abhishekrai4325 3 жыл бұрын
Thank you so much for this. Amazing explanation !
@Testacabeza
@Testacabeza Жыл бұрын
Excellent video.
@olmanmora21
@olmanmora21 2 жыл бұрын
27 minutes on youtube sometimes is way better than 4 hours in a lesson room.
@DigitalStrike_Old
@DigitalStrike_Old 2 жыл бұрын
This is the best video explaining SAML
@karankanojiya7672
@karankanojiya7672 3 жыл бұрын
Excellent Sir !
@jdsprankle
@jdsprankle 2 жыл бұрын
Amazing video, very clearly explained
@rajendrakumarnagraj4690
@rajendrakumarnagraj4690 8 ай бұрын
Very well explained. Thanks
@durangodave
@durangodave Жыл бұрын
Great video thank you, well done. However i do have to disagree with you on one thing, using a SSO may be more convenient but it is less secure. The best security IMO is to keep PW under personal care and just find a way to remember them. This is less convenient but the fewer parts involved in security validation the better. It is similar to telling noone your password vrs telling 5 friends with the promise they wont tell anyone. Security is only as good as the weakest link and the more links involved the less secure IMO. I code for SSO but i do not use SSO personally. Each of us must make the choice based on convenience.
@vadivelan4228
@vadivelan4228 Жыл бұрын
Good one. Thank you.
@yashgangrade5460
@yashgangrade5460 9 ай бұрын
Totally worth it.
@sunnyd9878
@sunnyd9878 11 ай бұрын
Just great awesome explanation
@nagap4231
@nagap4231 Жыл бұрын
Simply Superb
@lizermo2191
@lizermo2191 2 жыл бұрын
I love u man. Thanks to you, I'll probably get a better job. I'll keep you updated
@g2D1
@g2D1 Жыл бұрын
Terrific!
@gabrielvinante
@gabrielvinante 2 жыл бұрын
now i understand! great explanation. do you have a video using simpleSamlPhp? thanks in advance
@samyakjain5974
@samyakjain5974 2 жыл бұрын
Can you explain a bit on how to Validate a signature
@jondo-vh8tx
@jondo-vh8tx 9 ай бұрын
very well explained
@neadlead2621
@neadlead2621 Жыл бұрын
very very very good one
@gandarmarc2059
@gandarmarc2059 2 жыл бұрын
Very clear
@АлександрБорискин-т7к
@АлександрБорискин-т7к 3 жыл бұрын
Perfect explanation, thanks!
@oleksandrlytvyn532
@oleksandrlytvyn532 2 жыл бұрын
Thanks
@danielromerolevy3075
@danielromerolevy3075 3 жыл бұрын
Awesome explanation!
@PaulFidika
@PaulFidika 2 жыл бұрын
Why is he only talking into my right ear?
@germanmartin8778
@germanmartin8778 2 жыл бұрын
Thanks you so much, for explain SAML
@mlfman
@mlfman 3 ай бұрын
This is awesome
@PriyankRupareliya
@PriyankRupareliya 2 жыл бұрын
Thank you, this is gold
@fsams068
@fsams068 3 жыл бұрын
Very clear, thanks a lot for that!
@ФаррухИмамбердиев-в7м
@ФаррухИмамбердиев-в7м Жыл бұрын
Excellent explanation, thanks. I finnaly understand SAML and difference beetwen this protocol and OAuth/OpenId Connect. I alse recommend watch video about OAuth/OpenId Connect by Nate Barbettini in this chanell
@OktaDev
@OktaDev Жыл бұрын
You are welcome! That video from Nate is great!
@esra_erimez
@esra_erimez 2 жыл бұрын
Fantastic!
@ashannaveen9946
@ashannaveen9946 3 жыл бұрын
Good explanation.
@saisrivastavatumuluri9291
@saisrivastavatumuluri9291 3 жыл бұрын
i like the security part of the vedio
@davidaustin967
@davidaustin967 2 жыл бұрын
great guide - thanks for video
@MrWaf007
@MrWaf007 Жыл бұрын
attrubtes?
@hassaneloufir8440
@hassaneloufir8440 3 жыл бұрын
thank you so much, grand respect.
@sudipghosh7253
@sudipghosh7253 3 жыл бұрын
Clean and perfect 🔥
@muhammadusamaalvi6910
@muhammadusamaalvi6910 2 жыл бұрын
very well explained.
@SaikiranMurthy
@SaikiranMurthy 2 жыл бұрын
this was good , however i need some more info on Canvas vs SAML
@focalpointcdw9731
@focalpointcdw9731 2 жыл бұрын
Great video
@wegwerfDave
@wegwerfDave 3 жыл бұрын
Really good
@ghanshyamkhatri3541
@ghanshyamkhatri3541 3 жыл бұрын
simply Wow!!!
@nouribenz
@nouribenz 3 жыл бұрын
Thanks for ur time
@swedixx65
@swedixx65 3 жыл бұрын
Great video! :)
@SJPYT
@SJPYT 2 жыл бұрын
Thanks mate!
@mohamedhashish216
@mohamedhashish216 2 жыл бұрын
Thank you so much
@khaledyalraymi2468
@khaledyalraymi2468 2 жыл бұрын
Thank you.
@rezakhan9973
@rezakhan9973 3 жыл бұрын
Perfect - thanks
@JessicaMartinez-kd7vx
@JessicaMartinez-kd7vx 2 жыл бұрын
Good stuff
@stackunderflow5951
@stackunderflow5951 3 жыл бұрын
Well, it's better to walk through a SAML workflow and then explain the SAML terms and concepts. It will be more clear.
@dsldsl6460
@dsldsl6460 9 ай бұрын
This is a good answer to why is still easy to hack a big company :)) . The pour dev has to be extra carefull when configuring the xml parser :)))
@purplepanther4153
@purplepanther4153 2 жыл бұрын
Confusing.
@LadyLatency
@LadyLatency 2 жыл бұрын
ATTRUBTES!!
@deanliu7125
@deanliu7125 2 жыл бұрын
It is funny that you speak of OIDC as a replacement for SAML. Meanwhile Okta still does not support OIDC for SCIM provisioned application, forcing me to learn about this SAML in the first place...
@clickdilip
@clickdilip Жыл бұрын
It still doesn't and I'm forced to use SAML too
@clickdilip
@clickdilip Жыл бұрын
can we use event hooks in Okta for this purpose?
@whirled_peas
@whirled_peas 2 жыл бұрын
Really useful intro but bro, I think your sweater was on inside out
@fatal510
@fatal510 2 жыл бұрын
What a joke of a system. No one should be using SAML and we just need to migrate away from this shit.
@purplepanther4153
@purplepanther4153 2 жыл бұрын
Indeed Bunch of Shit
An Illustrated Guide to OAuth and OpenID Connect
16:36
OktaDev
Рет қаралды 624 М.
Introduction to SAML - Chalktalk on what is it, how it is used
32:03
1% vs 100% #beatbox #tiktok
01:10
BeatboxJCOP
Рет қаралды 67 МЛН
My scorpion was taken away from me 😢
00:55
TyphoonFast 5
Рет қаралды 2,7 МЛН
Getting Started with Spring Boot and SAML
27:27
OktaDev
Рет қаралды 18 М.
SAML 101 with Questions for CISSP , CCSP Exam Prep
29:48
Prabh Nair
Рет қаралды 32 М.
Everything You Ever Wanted to Know About OAuth and OIDC
33:21
OAuth 2.0 and OpenID Connect (in plain English)
1:02:17
OktaDev
Рет қаралды 1,8 МЛН
A Developer's Guide to SCIM
43:13
OktaDev
Рет қаралды 31 М.
How to Hack OAuth
25:10
OktaDev
Рет қаралды 44 М.
HTTPS, SSL, TLS & Certificate Authority Explained
43:29
Laith Academy
Рет қаралды 147 М.
Intro to the Zig Programming Language • Andrew Kelley • GOTO 2022
50:14
Single and multi-tenant applications in Microsoft Entra ID
1:18:25
Tech Mind Factory
Рет қаралды 17 М.
1% vs 100% #beatbox #tiktok
01:10
BeatboxJCOP
Рет қаралды 67 МЛН