OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02



Bhavna,

Rob has already discussed the main issue in his note: on unauthorized
access, the content site offers a choice of inter-site portal
URLs, and after user site selection the content site re-directs to the
portal 
site with TARGET
set to a specific value. I had planned to describe this
explicitly in the draft (as described in message

http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html

)

but forgot to include this material in the draft. I will do
so today so we are all on the same page tomorrow.

- prateek


>>> 
>>> In D above, I am not sure what is the expected behaviour. 
>>If we redirect
>>> to portal login, then after logging in, one would be 
>>displayed a content
>>> page
>>> with links to content hosted at distinct web sites, but I 
>>would think
>>> that the user would expect to be taken directly to
>>> the content application after a successful login upon 
>>redirection. Does
>>> anyone think alike  or if not can someone please clarify 
>>the expected
>>> flow ?
>>
>>I think what was intended was just what is says - an 
>>authenticated user
>>hitting the content provider will get redirected to the 
>>portal for login.
>>However, the description should say more about what happens 
>>next. After
>>authenticating the user, the portal could have 2 choices.  
>>
>>First, the portal could display the links page that refers to the ISX
>>(inter-site transfer) service.  The user would then have to 
>>click to get
>>back to the original content provider.  Of course the click 
>>really gets them
>>to the ISX with a TARGET= parameter and the ISX creates the 
>>artifact and
>>sends them to the remote artifact receiver URL.  That then 
>>gets them to the
>>content application once the assertion is retrived.  
>>Obviously, getting the
>>links page and clicking on it isn't very user-friendly.
>>
>>However, if the content provider redirects to the portal AND 
>>supplies a
>>TARGET= parameter on the redirect, the portal could 
>>authenticate the user
>>and transfer directly to the ISX service with the supplied TARGET=
>>parameter.  The user would then not have to see the links 
>>page.  As in the
>>normal case, the ISX would create the artifact and send the 
>>user back to the
>>remote SAML artifact receiver.  Once the assertion is 
>>retrieved, the user
>>will see the content provider page they wanted. 
>>
>>The 2nd scenario is more user-friendly, but it requires a 
>>vendor's content
>>site to redirect to the portal with the TARGET= parameter.
>>
>>Can other vendors do this?  I am planning for us to handle 
>>either method.  
>>
>>Prateek, could we update the scenario to describe this or do 
>>we have to just
>>stick with the first method? 
>>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC