Having some questions about SAML SSO in TRIRIGA


Our customer wants to use SAML SSO within TRIRIGA. This wiki article shows the procedure to set up the SAML SSO using WAS TAI, and after testing, it works. But I have still have some questions:

  • 1. It seems that the “Sign Out” link in TRIRIGA doesn’t invalidate the SAML SSO token. Can we customize the “Sign Out” link to do a real “Sign Out” on the IdP side?
  • 2. The “sso_<n>.sp.useRelayStateForTarget” property allows WAS TAI using the RelayState sent from IdP. Does TRIRIGA support the “RelayState”?

[Admin: For convenience, here are the meanings of the acronyms: Security Assertion Markup Language (SAML), Single Sign-On (SSO), WebSphere Application Server (WAS), Trust Association Interceptor (TAI), Identity Provider (IdP).]

Continue reading

2 thoughts on “Having some questions about SAML SSO in TRIRIGA

  1. Pingback: Is there a way to have 2 channels of authentication with one IHS? | TRIRIGAFEEDIA

  2. Pingback: Is there a way to implement SAML SSO with WebSphere Liberty? | TRIRIGAFEEDIA

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s