OASIS Mailing List Archives

 



saml-dev message



Subject: Re: new to OpenSAML


Hi,

Thanks for the diagram Jeff.

Also, early in this thread, Scott wrote: 

>Right, but AuthenticationQuery isn't used anywhere in the SSO profiles and
>it's entirely distinct from the use case being discussed

I guess there is a step (step 6 in the diagram) where the relying
party has to send a SOAP/SAML Request to the SAML Authority, i.e.
AuthenticationQuery. The corresponding SAML Response can then contain
either Assertion with SAMLStatus=Success or just a SAMLStatus with an
appropriate message (as in case of authentication failure etc.).

Am I getting it right or am I misinterpreting?

My understanding of SAML2.0 and its difference w.r.t. SAML1.1
---------------------------------------------------------------------------------------
In SAML2.0 Web Browser Profile, the Assertion is returned directly in
response to the AuthnRequest made by a Relying party (SP), which is
different from SAML1.1 where "Browser redirect" was used for returning
Artifact to the Relying party, which then would send a SOAP/SAML
Request (as mentioned above and also step 6 in the diagram) to get a
corresponding Assertion in SOAP/SAML Response.

Also, does HTTP Artifact binding require both SP and IDP to send
artifacts first and then pull the actual request or response? Is this
a replacement (refinement) of the Browser Artifact profile?

I might sound a bit confused but I am in a transition phase from SAML
V1.1 to SAML V2.0 ;)

Thanks in advance.

--Prasad.








On Tue, 27 Jul 2004 09:56:54 -0700, Jeff Hodges <jeff.hodges@sun.com> wrote:
> Scott Cantor wrote:
> >
> > You're also a little off. The 1.1 SSO profiles don't formally call out a
> > step that you can call an "authn request". The new 2.0 profile does, but 1.1
> > starts with the user at the source site, so authentication is pre-supposed.
> 
> This diagram may help illustrate how the v1.1 SSO works...
> 
> http://www.oasis-open.org/committees/download.php/7348/hodges-web-browser-profile-diagram-2004-06-19.pdf
> 
> Hope this helps,
> 
> JeffH
> 
> 


-- 
____________________________________

Who ate my software ?

