Subject: RE: [saml-dev] AuthnQuery on Synchronous Bindings
> WSS could be used to do a back-channel (sync) binding. I
> don't believe there is any way in Saml to do an
> authentication request using a sync binding.

Sure there is. There just aren't any profiles that directly describe this at the moment, unless you include the ECP thing, which is "sort of" synchronous in that it sends the request to the IdP using SOAP.

WSS is a way of authenticating during the sending of a SOAP message, but at least in terms of SAML, a SOAP profile might be:

- SP responds to SOAP request with a fault (or maybe just an application response) containing an AuthnRequest.
- Agent sends AuthnRequest to IdP using SOAP, authenticating however it wants (WSS being one way)
- IdP responds with SAML Response
- Agent delivers SAML Response to SP and receives security context and possibly application data

There are obviously lots of variables one could have, like whether the agent should just extract the assertion itself and use WSS in the final step, or having the agent use metadata to determine what it needs and just issue the AuthnRequest itself to the IdP.

It's quite possible, it's just not profiled.

-- Scott
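The four-step exchange outlined in the message above, as an added sketch that is not part of the original post and not any published SAML profile: each SAML protocol message travels in a SOAP Body, and the SP accepts a relayed Response only when its InResponseTo matches an AuthnRequest the SP itself issued. The class and function names are hypothetical, the messages are reduced to the attributes needed for correlation, and the agent's authentication to the IdP (WSS or otherwise) and XML signature checks are assumed to happen elsewhere.

```python
import uuid
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def soap_wrap(payload):
    # One SAML protocol element carried in a SOAP 1.1 Body.
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Body").append(payload)
    return ET.tostring(env)

def soap_unwrap(raw):
    # Sketch only: production code needs a hardened parser and signature checks.
    return ET.fromstring(raw).find(f"{{{SOAP}}}Body")[0]

class SP:  # hypothetical service provider
    def __init__(self):
        self.pending = set()  # IDs of AuthnRequests this SP has issued

    def challenge(self):
        # Step 1: answer the agent's SOAP request with an AuthnRequest.
        req = ET.Element(f"{{{SAMLP}}}AuthnRequest",
                         ID="_" + uuid.uuid4().hex, Version="2.0")
        self.pending.add(req.get("ID"))
        return soap_wrap(req)

    def accept(self, raw):
        # Step 4: the agent delivers the Response; each request ID is single-use.
        resp = soap_unwrap(raw)
        irt = resp.get("InResponseTo")
        if resp.tag != f"{{{SAMLP}}}Response" or irt not in self.pending:
            return False
        self.pending.discard(irt)
        return True

def idp_respond(raw, subject):
    # Steps 2-3: the IdP receives the relayed AuthnRequest and answers it.
    req = soap_unwrap(raw)
    resp = ET.Element(f"{{{SAMLP}}}Response", ID="_" + uuid.uuid4().hex,
                      Version="2.0", InResponseTo=req.get("ID"))
    subj = ET.SubElement(ET.SubElement(resp, f"{{{SAML}}}Assertion"),
                         f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = subject
    return soap_wrap(resp)

if __name__ == "__main__":
    sp = SP()
    response = idp_respond(sp.challenge(), "alice")  # the agent relays both ways
    print(sp.accept(response), sp.accept(response))
```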