Howdy,

I’m new to the list; hopefully these haven’t been asked and answered. I did a
Google search and couldn’t find the answers. I’m working on an SSO solution
here at UCSD. We have decided to use SAML as part of the overall solution. I’m
in the process of implementing an authentication service that will work with
all our web-based applications and eventually will also work with mainframe
and other fatter apps.

My understanding of SAML is that it happens after authentication has already
taken place. Using the browser/artifact profile of SAML, is it evil to set
things up so that when a user is redirected to the Inter-site transfer
service, it notices that they have not authenticated and then prompts them to
authenticate before returning them back to the destination site?

The target element is used to convey information about the desired target
resource. How do we differentiate between a target resource and the actual URL
that the user’s browser is requesting? Should these things be the same all the
time?

What should be the response when a user has not authenticated or cannot
authenticate?

Is there a place that holds a set of example SAML dialogs running through the
standard use cases that I can use to verify my understanding of the general
workings of things?

Thanks!
-gabe