ComponentSpace

Forums



SAML High-level API vs Low-level API


SAML High-level API vs Low-level API

Author
Message
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
The SAML v2.0 class library includes both high level and low level APIs. For the majority of use cases, it’s recommend the high level APIs are used as these provide the greatest ease of use. The low level APIs are available for when maximum flexibility is required.
The high-level API is implemented using the low-level API.

High-Level API
The high-level API offers the following advantages:
  • simple API supporting single sign-on and single logout
  • minimal code in the calling application
  • encapsulates the technical details of the SAML protocols, bindings and security
  • configuration-driven making it easy to add support for other partner sites with no code changes
  • maintains state to support single logout
Low-Level API
The low-level API offers the following advantages:
  • maximum flexibility
  • compatibility with pre-high-level API applications


Regards
ComponentSpace Development
earl
earl
New Member
New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)New Member (0 reputation)

Group: Forum Members
Posts: 0, Visits: 26
ComponentSpace - 2/21/2014
The SAML v2.0 class library includes both high level and low level APIs. For the majority of use cases, it’s recommend the high level APIs are used as these provide the greatest ease of use. The low level APIs are available for when maximum flexibility is required.
The high-level API is implemented using the low-level API.

High-Level API
The high-level API offers the following advantages:
  • simple API supporting single sign-on and single logout
  • minimal code in the calling application
  • encapsulates the technical details of the SAML protocols, bindings and security
  • configuration-driven making it easy to add support for other partner sites with no code changes
  • maintains state to support single logout
Low-Level API
  • maximum flexibility
  • compatibility with pre-high-level API applications

Is it advisable to combine high-level and low-level APIs? For example, use high-level API for assertions via POST and low-level API for assertions via artifact binding? If not, what can you advise?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
Generally it's not advisable to combine the two APIs as the high-level API isn't aware of any calls your application makes to the low-level API.
However, if you don't combine the APIs within the same SSO session you should be ok.
For example, don't use the low level API for SSO and then the high-level API for SLO of the same user.
You could use the low-level API only for SSO sessions using HTTP-artifact and the high-level API only for SSO sessions using HTTP-Post.


Regards
ComponentSpace Development
estalillaj
estalillaj
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 2, Visits: 10
You guys mention that there is a high-level and low-level api that shouldn't in general be mixed. Is there a clear distinction between which classes fit into which?


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)ComponentSpace Development (2.9K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
Yes.
The high-level API classes are in the following namespaces:
ComponentSpace.SAML2
ComponentSpace.SAML2.Configuration
ComponentSpace.SAML2.Data

The primary high-level API classes are SAMLIdentityProvider and SAMLServiceProvider in the ComponentSpace.SAML2 namespace.

The low-level classes are in the following namespaces:
ComponentSpace.SAML2.Bindings
ComponentSpace.SAML2.Profiles
ComponentSpace.SAML2.Protocols


Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









ComponentSpace Forums


Search