OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02

Prateek/Rob,
Thanks for the explanation. Even though the user friendly way makes more
sense where you automatically get redirected to the content app after successful
login, I dont think we here have the time to support it. We may just
redirect to the the list of Urls, hope that would be ok.

Thanks

Bhavna

>Content-return: allowed
>Date: Mon, 20 May 2002 10:02:36 -0400
>From: "Mishra, Prateek" <pmishra@netegrity.com>
>Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
>To: "'Philpott, Robert'" <rphilpott@rsasecurity.com>, "'Bhavna Bhatnagar'" 
<bhavna.bhatnagar@sun.com>, saml-dev@lists.oasis-open.org
>MIME-version: 1.0
>List-Owner: <mailto:saml-dev-help@lists.oasis-open.org>
>List-Post: <mailto:saml-dev@lists.oasis-open.org>
>List-Subscribe: <http://lists.oasis-open.org/ob/adm.pl>, 
<mailto:saml-dev-request@lists.oasis-open.org?body=subscribe>
>List-Unsubscribe: <http://lists.oasis-open.org/ob/adm.pl>, 
<mailto:saml-dev-request@lists.oasis-open.org?body=unsubscribe>
>List-Archive: <http://lists.oasis-open.org/archives/saml-dev/>
>List-Help: <http://lists.oasis-open.org/elists/admin.shtml>, 
<mailto:saml-dev-request@lists.oasis-open.org?body=help>
>List-Id: <saml-dev.lists.oasis-open.org>
>
>
>Bhavna,
>
>Rob has already discussed the main issue in his note: on unauthorized
>access, the content site offers a choice of inter-site portal
>URLs, and after user site selection the content site re-directs to the
>portal 
>site with TARGET
>set to a specific value. I had planned to describe this
>explicitly in the draft (as described in message
>
>http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html
>
>)
>
>but forgot to include this material in the draft. I will do
>so today so we are all on the same page tomorrow.
>
>- prateek
>
>
>>>> 
>>>> In D above, I am not sure what is the expected behaviour. 
>>>If we redirect
>>>> to portal login, then after logging in, one would be 
>>>displayed a content
>>>> page
>>>> with links to content hosted at distinct web sites, but I 
>>>would think
>>>> that the user would expect to be taken directly to
>>>> the content application after a successful login upon 
>>>redirection. Does
>>>> anyone think alike  or if not can someone please clarify 
>>>the expected
>>>> flow ?
>>>
>>>I think what was intended was just what is says - an 
>>>authenticated user
>>>hitting the content provider will get redirected to the 
>>>portal for login.
>>>However, the description should say more about what happens 
>>>next. After
>>>authenticating the user, the portal could have 2 choices.  
>>>
>>>First, the portal could display the links page that refers to the ISX
>>>(inter-site transfer) service.  The user would then have to 
>>>click to get
>>>back to the original content provider.  Of course the click 
>>>really gets them
>>>to the ISX with a TARGET= parameter and the ISX creates the 
>>>artifact and
>>>sends them to the remote artifact receiver URL.  That then 
>>>gets them to the
>>>content application once the assertion is retrived.  
>>>Obviously, getting the
>>>links page and clicking on it isn't very user-friendly.
>>>
>>>However, if the content provider redirects to the portal AND 
>>>supplies a
>>>TARGET= parameter on the redirect, the portal could 
>>>authenticate the user
>>>and transfer directly to the ISX service with the supplied TARGET=
>>>parameter.  The user would then not have to see the links 
>>>page.  As in the
>>>normal case, the ISX would create the artifact and send the 
>>>user back to the
>>>remote SAML artifact receiver.  Once the assertion is 
>>>retrieved, the user
>>>will see the content provider page they wanted. 
>>>
>>>The 2nd scenario is more user-friendly, but it requires a 
>>>vendor's content
>>>site to redirect to the portal with the TARGET= parameter.
>>>
>>>Can other vendors do this?  I am planning for us to handle 
>>>either method.  
>>>
>>>Prateek, could we update the scenario to describe this or do 
>>>we have to just
>>>stick with the first method? 
>>>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>

________________________________________________________________________ 
Bhavna Bhatnagar                		Sun Microsystems Inc.		 
Identity Management group	 __o
Tel: 408-276-3591              _`\<,_	
                              (*)/ (*)
 ________________________________________________________________________

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC