Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
Bhavna,

Rob has already discussed the main issue in his note: on unauthorized access, the content site offers a choice of inter-site portal URLs, and after user site selection the content site re-directs to the portal site with TARGET set to a specific value.

I had planned to describe this explicitly in the draft (as described in message http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html ) but forgot to include this material in the draft. I will do so today so we are all on the same page tomorrow.

- prateek

>>> In D above, I am not sure what is the expected behaviour. If we
>>> redirect to portal login, then after logging in, one would be
>>> displayed a content page with links to content hosted at distinct
>>> web sites, but I would think that the user would expect to be taken
>>> directly to the content application after a successful login upon
>>> redirection. Does anyone think alike or if not can someone please
>>> clarify the expected flow ?
>>
>> I think what was intended was just what it says - an authenticated
>> user hitting the content provider will get redirected to the portal
>> for login. However, the description should say more about what
>> happens next. After authenticating the user, the portal could have 2
>> choices.
>>
>> First, the portal could display the links page that refers to the ISX
>> (inter-site transfer) service. The user would then have to click to
>> get back to the original content provider. Of course the click really
>> gets them to the ISX with a TARGET= parameter and the ISX creates the
>> artifact and sends them to the remote artifact receiver URL. That
>> then gets them to the content application once the assertion is
>> retrieved. Obviously, getting the links page and clicking on it isn't
>> very user-friendly.
>>
>> However, if the content provider redirects to the portal AND supplies
>> a TARGET= parameter on the redirect, the portal could authenticate
>> the user and transfer directly to the ISX service with the supplied
>> TARGET= parameter. The user would then not have to see the links
>> page. As in the normal case, the ISX would create the artifact and
>> send the user back to the remote SAML artifact receiver. Once the
>> assertion is retrieved, the user will see the content provider page
>> they wanted.
>>
>> The 2nd scenario is more user-friendly, but it requires a vendor's
>> content site to redirect to the portal with the TARGET= parameter.
>>
>> Can other vendors do this? I am planning for us to handle either
>> method.
>>
>> Prateek, could we update the scenario to describe this or do we have
>> to just stick with the first method?
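Added example, not part of the original thread or of any vendor's code: a Python sketch of the second scenario's three redirects (content site to portal login, portal to ISX, ISX to artifact receiver), with the portal falling back to the links page when TARGET is missing or unknown. All hosts, paths and the partner table are constructed assumptions; the `SAMLart` parameter and the type 0x0001 artifact layout follow the SAML 1.x browser/artifact profile.

```python
import base64, hashlib, os
from urllib.parse import urlencode, urlsplit, parse_qs

# All hosts and paths below are constructed for illustration.
PORTAL_LOGIN = "https://portal.example/login"
PORTAL_ISX = "https://portal.example/isx"
PORTAL_LINKS = "https://portal.example/links"
PORTAL_ID = "https://portal.example/saml"
# Assumed partner table: content-site host -> its SAML artifact receiver URL.
RECEIVERS = {"content.example": "https://content.example/saml/artifact"}


def content_site_redirect(requested_url):
    """Content site: unauthenticated request, send the user to portal login with TARGET."""
    return PORTAL_LOGIN + "?" + urlencode({"TARGET": requested_url})


def receiver_for(target):
    """Return the artifact receiver for TARGET, or None if its host is not a known partner."""
    parts = urlsplit(target)
    if parts.scheme != "https":
        return None
    return RECEIVERS.get(parts.hostname)


def portal_after_login(login_url):
    """Portal: after authenticating, forward to the ISX with the supplied TARGET.
    Without a usable TARGET, show the links page (the first method in the thread)."""
    target = parse_qs(urlsplit(login_url).query).get("TARGET", [None])[0]
    if target is None or receiver_for(target) is None:
        return PORTAL_LINKS
    return PORTAL_ISX + "?" + urlencode({"TARGET": target})


def new_artifact():
    """Type 0x0001 artifact: type code, SHA-1 source ID, 20-byte random assertion handle."""
    raw = b"\x00\x01" + hashlib.sha1(PORTAL_ID.encode()).digest() + os.urandom(20)
    return base64.b64encode(raw).decode()


def isx_redirect(isx_url):
    """ISX: create the artifact and send the user to the content site's artifact receiver."""
    target = parse_qs(urlsplit(isx_url).query)["TARGET"][0]
    receiver = receiver_for(target)
    if receiver is None:
        raise ValueError("TARGET is not a known partner site")
    return receiver + "?" + urlencode({"SAMLart": new_artifact(), "TARGET": target})
```

Checking TARGET against the partner table at both the portal and the ISX keeps the artifact from being sent to a receiver the portal has no agreement with.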