Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?
> QUESTION: How does the car rental service identify to the
> airline the person for which authentication information is
> requested? All that the car rental service knows is that an
> HTTP GET was issued to this URL:

The car rental service doesn't need to know this. Essentially, with an AuthnRequest to the IdP, the Car Rental Service is saying "Hey, can you tell me my nameid for the user who is in control of this browser?"

The IdP may do many different things at this point including:

a) prompting the user to authenticate
b) saying "no, I can't" to the car rental agency
c) asking the user which identity they want to expose to the car rental agency.

The key here is that the car rental agency wants to know who dereferenced the URL.

Note that if they do know who the user is (or think that they do) they can specify the id that they think it is in the subject on the AuthnRequest, although most SPs don't.

Conor
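The two request shapes described in the message above, as an added example that is not part of the original post: a SAML 2.0 AuthnRequest with no Subject (the usual case) and one that names the user the SP thinks it is dealing with. The entity IDs, URLs, the NameID value and the function names are constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, presumed_name_id=None):
    """Return (request_id, xml) for an SP-initiated AuthnRequest.

    The SP keeps request_id so it can later require a matching
    InResponseTo on the Response and reject unsolicited answers.
    """
    request_id = "_" + secrets.token_hex(16)  # xs:ID may not start with a digit
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    if presumed_name_id is not None:
        # Optional: the SP states who it believes the user is. The IdP still
        # decides whether to authenticate, refuse, or ask the user.
        subject = ET.SubElement(req, f"{{{SAML}}}Subject")
        ET.SubElement(subject, f"{{{SAML}}}NameID").text = presumed_name_id
    # Schema order is Issuer, Subject, NameIDPolicy.
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy", {"AllowCreate": "true"})
    return request_id, ET.tostring(req, encoding="unicode")

def requested_subject(authn_request_xml):
    """IdP-side view: the NameID the SP asked about, or None if it named nobody.

    Parses only the locally built sample here; a deployed IdP would use a
    hardened XML parser on untrusted input.
    """
    root = ET.fromstring(authn_request_xml)
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    return None if name_id is None else name_id.text

if __name__ == "__main__":
    # Constructed sample endpoints.
    args = ("https://carrental.example/sp", "https://carrental.example/acs",
            "https://airline.example/sso")
    _, anonymous = build_authn_request(*args)
    _, named = build_authn_request(*args, presumed_name_id="traveler-7731")
    print(requested_subject(anonymous), requested_subject(named))
```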