Mechanism for facilitating dynamic and continuous testing of security assertion markup language credentials in an on-demand services environment

摘要

In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing.

主权项

1. A method comprising:
receiving, by a computing device, a request, via an identity provider, to access one or more software applications hosted by a service provider in an on-demand service environment, wherein the request includes security assertions relating to at least one of an organization and a user seeking the access to the one or more software applications, wherein the user is associated with the organization; identifying at least one of the organization and the user based on the security assertions; dynamically and continuously performing, in runtime, testing of the security assertions at a testing cache, wherein testing includes comparing the security assertions against sample assertions relating to one or more of the organization, other organizations, and one or more access modes; generating, based on the testing, a new code or modifying an existing code relating to the security assertions; placing the security assertions into a testing cache prior to the testing, wherein the sample assertions include at least one of newly-received sample assertions and previously-received sample assertions relating to one or more of the organization, the other organizations, the one or more access modes; and dynamically deploying the generated and modified codes for processing future requests for access and subsequent automatic authentications relating to one or more of the organization, the other organizations, the user, other users, and the one or more access modes.