OASIS Mailing List Archives

saml-dev message

Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


 
> QUESTION: How does the car rental service identify to the 
> airline the person for which authentication information is 
> requested?  All that the car rental service knows is that an 
> HTTP GET was issued to this URL:

The car rental service doesn't need to know this.  Essentially,
with an AuthnRequest to the IdP, the Car Rental Service is 
saying "Hey, can you tell me my nameid for the user who is
in control of this browser?"

The IdP may do many different things at this point including:

a) prompting the user to authenticate
b) saying "no, I can't" to the car rental agency
c) asking the user which identity they want to expose to
   the car rental agency.

The key here is that the car rental agency wants to know
who dereferenced the URL.

Note that if they do know who the user is (or think that
they do) they can specify the id that they think it is
in the subject on the AuthnRequest, although most SPs 
don't.

Conor
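
The two forms of AuthnRequest described in the reply above, as an added example that is not part of the original message: one with no Subject (the common case) and one where the SP names the identity it believes the user has. The entity ID, URLs and NameID value are constructed placeholders, and the request is left unsigned.

```python
# Added example; all names, URLs and identifiers here are constructed.
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_authn_request(sp_entity_id, idp_sso_url, acs_url, subject_hint=None):
    """Return a serialized, unsigned SAML 2.0 AuthnRequest.

    subject_hint=None: the SP asks about whoever controls the browser.
    subject_hint set:  the SP adds <saml:Subject> naming who it thinks that is.
    """
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,  # must be a valid xs:ID
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    if subject_hint is not None:
        # Schema order: Subject follows Issuer (and Signature, if present).
        subject = ET.SubElement(req, f"{{{SAML}}}Subject")
        ET.SubElement(subject, f"{{{SAML}}}NameID").text = subject_hint
    return ET.tostring(req, encoding="unicode")


def requested_subject(authn_request_xml):
    """IdP-side view: the NameID the SP named, or None if it named nobody.

    Only run here on the constructed messages above; a real IdP would
    validate the request before trusting any field in it.
    """
    root = ET.fromstring(authn_request_xml)
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    return None if name_id is None else name_id.text


if __name__ == "__main__":
    args = ("https://carrental.example/sp", "https://airline.example/sso",
            "https://carrental.example/acs")
    print(build_authn_request(*args))
    print(build_authn_request(*args, subject_hint="traveler-1234"))
```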

