Subject: RE: [saml-dev] Authentication on IDP.
This is out of scope for SAML, but I'm guessing that most IdPs will either a) have a certificate registered for a particular user or b) have a requirement that user identity information be present in the signed certificate (this is how many web sites do client-auth SSL).
- Do we have one certificate for all the requests at the IDP? IMPORTANT: but then how does the IDP (and in the end the SP) distinguish which user that request is from?

User A accesses SP A. SP A redirects to the IDP asking for a certificate-based authentication. The IDP performs this, but (unless I'm wrong) the certificate wouldn't contain any info specific to the user, mainly key info. In this case the IDP also has to identify the user in order to reply with a subject to the SP. I guess it would perform a userid/password (basic auth) authentication. I guess this is reasonable to expect from the IDP.
I'm guessing that if the IdP were to do what you are describing, they would define a new class that was along the lines of ...PasswordClientTLS (what I would consider to be "stronger" than ...PasswordProtectedTransport).

Now, what is the Auth context it is going to send back? Certificate-based authentication? User ID/password? Or both?
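The thread's underlying question is what the SP actually receives: a Subject naming the user plus an AuthnContextClassRef saying how the IdP authenticated that user, and the SP then has to decide whether that context is strong enough. The following is an added example, not code from the thread or from any SAML library, showing an SP-side check of a (constructed) assertion. It uses the real SAML 2.0 authentication context class URIs for Password, PasswordProtectedTransport and TLSClient; the "PasswordClientTLS" URI is a hypothetical placeholder standing in for the combined class the reply speculates about, and the strength ordering is a local SP policy choice, not something the SAML spec defines. It assumes the assertion's XML signature has already been validated before this check runs.

```python
"""Added example (not from the saml-dev thread): SP-side check of a SAML 2.0
assertion's Subject and AuthnContextClassRef against a minimum requirement."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Real SAML 2.0 authentication context class URIs.
AC_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
AC_PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
AC_TLS_CLIENT = "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
# Hypothetical URI for the "...PasswordClientTLS" class discussed in the thread;
# no such class is defined by the SAML spec.
AC_PASSWORD_CLIENT_TLS = "urn:example:ac:classes:PasswordClientTLS"

# SP policy (assumption): weakest first, strongest last.
STRENGTH_ORDER = [AC_PASSWORD, AC_PASSWORD_PROTECTED, AC_TLS_CLIENT, AC_PASSWORD_CLIENT_TLS]

# Constructed sample assertion (unsigned; signature validation assumed done earlier).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def parse_assertion(xml_text):
    """Return (NameID value, AuthnContextClassRef URI) from an assertion.

    Both elements are required: without a NameID the SP cannot tell which user
    the assertion is about (the thread's IMPORTANT question), and without an
    AuthnContextClassRef it cannot tell how that user was authenticated.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    class_ref = root.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS
    )
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no usable Subject/NameID")
    if class_ref is None or not (class_ref.text or "").strip():
        raise ValueError("assertion has no AuthnContextClassRef")
    return name_id.text.strip(), class_ref.text.strip()


def meets_minimum(class_ref, required):
    """True if class_ref is at least as strong as required under STRENGTH_ORDER.

    Unknown class URIs are rejected rather than guessed at, so an IdP sending
    an unexpected context never passes by accident.
    """
    if class_ref not in STRENGTH_ORDER or required not in STRENGTH_ORDER:
        return False
    return STRENGTH_ORDER.index(class_ref) >= STRENGTH_ORDER.index(required)


def evaluate(xml_text, required=AC_TLS_CLIENT):
    """Return (user, class_ref, accepted) for an assertion and the SP's minimum."""
    user, class_ref = parse_assertion(xml_text)
    return user, class_ref, meets_minimum(class_ref, required)


if __name__ == "__main__":
    print(evaluate(SAMPLE_ASSERTION))
    print(evaluate(SAMPLE_ASSERTION, required=AC_PASSWORD_CLIENT_TLS))
```

With the sample assertion, requiring TLSClient accepts alice@example.org, while requiring the hypothetical PasswordClientTLS class rejects the same assertion, which is exactly the distinction the reply is drawing: a certificate-only login and a certificate-plus-password login should be reported under different class URIs so the SP can tell them apart.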