Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
Prateek/Rob,

Thanks for the explanation. Even though the user-friendly way makes more
sense, where you automatically get redirected to the content app after
successful login, I don't think we here have the time to support it. We may
just redirect to the list of URLs; hope that would be ok.

Thanks
Bhavna

>Content-return: allowed
>Date: Mon, 20 May 2002 10:02:36 -0400
>From: "Mishra, Prateek" <pmishra@netegrity.com>
>Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
>To: "'Philpott, Robert'" <rphilpott@rsasecurity.com>, "'Bhavna Bhatnagar'" <bhavna.bhatnagar@sun.com>, saml-dev@lists.oasis-open.org
>MIME-version: 1.0
>List-Owner: <mailto:saml-dev-help@lists.oasis-open.org>
>List-Post: <mailto:saml-dev@lists.oasis-open.org>
>List-Subscribe: <http://lists.oasis-open.org/ob/adm.pl>, <mailto:saml-dev-request@lists.oasis-open.org?body=subscribe>
>List-Unsubscribe: <http://lists.oasis-open.org/ob/adm.pl>, <mailto:saml-dev-request@lists.oasis-open.org?body=unsubscribe>
>List-Archive: <http://lists.oasis-open.org/archives/saml-dev/>
>List-Help: <http://lists.oasis-open.org/elists/admin.shtml>, <mailto:saml-dev-request@lists.oasis-open.org?body=help>
>List-Id: <saml-dev.lists.oasis-open.org>
>
>
>Bhavna,
>
>Rob has already discussed the main issue in his note: on unauthorized
>access, the content site offers a choice of inter-site portal
>URLs, and after user site selection the content site re-directs to the
>portal site with TARGET set to a specific value. I had planned to
>describe this explicitly in the draft (as described in message
>
>http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html
>
>)
>
>but forgot to include this material in the draft. I will do
>so today so we are all on the same page tomorrow.
>
>- prateek
>
>
>>>>
>>>> In D above, I am not sure what is the expected behaviour.
>>>> If we redirect to portal login, then after logging in, one would be
>>>> displayed a content page with links to content hosted at distinct
>>>> web sites, but I would think that the user would expect to be taken
>>>> directly to the content application after a successful login upon
>>>> redirection. Does anyone think alike or if not can someone please
>>>> clarify the expected flow?
>>>
>>>I think what was intended was just what it says - an authenticated user
>>>hitting the content provider will get redirected to the portal for login.
>>>However, the description should say more about what happens next. After
>>>authenticating the user, the portal could have 2 choices.
>>>
>>>First, the portal could display the links page that refers to the ISX
>>>(inter-site transfer) service. The user would then have to click to get
>>>back to the original content provider. Of course the click really gets them
>>>to the ISX with a TARGET= parameter and the ISX creates the artifact and
>>>sends them to the remote artifact receiver URL. That then gets them to the
>>>content application once the assertion is retrieved. Obviously, getting the
>>>links page and clicking on it isn't very user-friendly.
>>>
>>>However, if the content provider redirects to the portal AND supplies a
>>>TARGET= parameter on the redirect, the portal could authenticate the user
>>>and transfer directly to the ISX service with the supplied TARGET=
>>>parameter. The user would then not have to see the links page. As in the
>>>normal case, the ISX would create the artifact and send the user back to the
>>>remote SAML artifact receiver. Once the assertion is retrieved, the user
>>>will see the content provider page they wanted.
>>>
>>>The 2nd scenario is more user-friendly, but it requires a vendor's content
>>>site to redirect to the portal with the TARGET= parameter.
>>>
>>>Can other vendors do this? I am planning for us to handle either method.
>>>
>>>Prateek, could we update the scenario to describe this or do we have to just
>>>stick with the first method?
>>>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>

________________________________________________________________________
Bhavna Bhatnagar
Sun Microsystems Inc.
Identity Management group                     __o
Tel: 408-276-3591                           _`\<,_
                                           (*)/ (*)
________________________________________________________________________
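
The second scenario from the quoted message (content site redirects to the portal with TARGET, the ISX mints an artifact and redirects to the artifact receiver), sketched as an added example that is not part of the original thread or of any vendor's code. The host names, URLs and function names are hypothetical, the `SAMLart` parameter and the type 0x0001 artifact layout are taken from the SAML 1.x browser/artifact profile rather than from this thread, and the check that TARGET names a known partner site is an added assumption, since TARGET arrives on a redirect the user's browser controls.

```python
import base64, hashlib, os
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical endpoints for the example; none of these appear in the thread.
PORTAL_LOGIN = "https://portal.example/login"
PORTAL_SOURCE_ID = "https://portal.example/saml"
# Partner content hosts the ISX serves, mapped to their artifact receiver URLs.
ARTIFACT_RECEIVERS = {"content.example": "https://content.example/saml/artifact"}


def content_site_redirect(requested_url):
    """Content site: unauthenticated hit, so redirect to the portal with TARGET."""
    return PORTAL_LOGIN + "?" + urlencode({"TARGET": requested_url})


def target_from(url):
    """Portal: pull TARGET off the incoming redirect (None if absent)."""
    return parse_qs(urlsplit(url).query).get("TARGET", [None])[0]


def new_artifact(source_id):
    """Type 0x0001 artifact: TypeCode || SHA-1(source id) || 20-byte handle."""
    raw = b"\x00\x01" + hashlib.sha1(source_id.encode()).digest() + os.urandom(20)
    return base64.b64encode(raw).decode()


def isx_transfer(target, assertions):
    """ISX: after portal login, mint an artifact and redirect to the receiver.

    Returns None when TARGET is missing or not a known https partner URL, in
    which case the portal falls back to the links page (the first method).
    """
    parts = urlsplit(target or "")
    receiver = ARTIFACT_RECEIVERS.get(parts.hostname or "")
    if parts.scheme != "https" or receiver is None:
        return None
    artifact = new_artifact(PORTAL_SOURCE_ID)
    assertions[artifact] = target  # stands in for the stored assertion
    return receiver + "?" + urlencode({"TARGET": target, "SAMLart": artifact})
```

The artifact receiver would then present `SAMLart` to the portal over the back channel to retrieve the assertion before sending the user on to TARGET.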