saml-dev message



Subject: RE: [saml-dev] AuthnQuery on Synchronous Bindings


> WSS could be used to do a back-channel (sync) binding. I
> don't believe there is any way in SAML to do an
> authentication request using a sync binding.

Sure there is. There just aren't any profiles that directly describe this at
the moment, unless you include the ECP thing, which is "sort of" synchronous
in that it sends the request to the IdP using SOAP.

WSS is a way of authenticating during the sending of a SOAP message, but at
least in terms of SAML, a SOAP profile might be:

- SP responds to SOAP request with a fault (or maybe just an application
response) containing an AuthnRequest.

- Agent sends AuthnRequest to IdP using SOAP, authenticating however it
wants (WSS being one way)

- IdP responds with SAML Response

- Agent delivers SAML Response to SP and receives security context and
possibly application data

There are obviously lots of variables one could have, like whether the agent
should just extract the assertion itself and use WSS in the final step, or
having the agent use metadata to determine what it needs and just issue the
AuthnRequest itself to the IdP.

It's quite possible, it's just not profiled.

-- Scott
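
The agent's role in the four-step exchange sketched above, as an added example that is not part of the original message or of any OASIS profile. The envelope layout (AuthnRequest carried in the SOAP fault `detail`), the IDs and the URLs are constructed assumptions, since the message itself notes that no profile defines them.

```python
import copy
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"s": SOAP, "samlp": SAMLP}

# Constructed sample: SP answers the agent with a fault carrying an AuthnRequest.
SP_FAULT = f"""<s:Envelope xmlns:s="{SOAP}"><s:Body><s:Fault>
<faultcode>s:Client</faultcode><faultstring>Authentication required</faultstring>
<detail><samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_req1" Version="2.0"
 IssueInstant="2024-01-01T00:00:00Z"
 AssertionConsumerServiceURL="https://sp.example.org/acs"/></detail>
</s:Fault></s:Body></s:Envelope>"""

def idp_reply(in_response_to):
    """Constructed sample: the IdP's SOAP reply to a given request ID."""
    return f"""<s:Envelope xmlns:s="{SOAP}"><s:Body>
<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp1" Version="2.0"
 IssueInstant="2024-01-01T00:00:05Z" InResponseTo="{in_response_to}">
<samlp:Status><samlp:StatusCode
 Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:Response></s:Body></s:Envelope>"""

def extract_authn_request(sp_envelope):
    """Step 1: pull the AuthnRequest out of the SP's fault detail."""
    req = ET.fromstring(sp_envelope).find(
        "s:Body/s:Fault/detail/samlp:AuthnRequest", NS)
    if req is None:
        raise ValueError("SP reply carries no AuthnRequest")
    return req

def wrap_for_idp(req):
    """Step 2: copy the AuthnRequest into a fresh SOAP Body for the IdP.
    ElementTree re-serialises the element, so a signed request would need
    byte-preserving handling instead."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Body").append(copy.deepcopy(req))
    return ET.tostring(env, encoding="unicode")

def relay_response(req, idp_envelope):
    """Steps 3-4: hand on only a Response that answers this request."""
    resp = ET.fromstring(idp_envelope).find("s:Body/samlp:Response", NS)
    if resp is None or resp.get("InResponseTo") != req.get("ID"):
        raise ValueError("Response does not match the outstanding AuthnRequest")
    return resp
```

The `InResponseTo` comparison is the agent-side correlation check only; the SP still has to validate the signature, audience and validity window of whatever the agent delivers.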


