OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


 


> Clicking on the link initiates an AuthnRequest to the 
> airline's SSO service.  The basic idea goes all the way back 
> to the IdP-first scenario of SAML 1.1.
> 
> Is there something I'm missing here?  Is there some reason 
> why the SP must initiate the request?  If not, this is a 
> piece of cake. :-)

The main reason why people generally don't like the IdP-first
model (which, as you said, does work) is that it means that
bookmarks or any form of direct access to the SP won't work.

So to support direct access, SP-initiated SSO is very desirable.

There are, of course, other reasons (such as, the SP may not 
require authentication on every page and only when the user
tries to do something such as check out does it need the auth),
but the direct access is probably the most important.

Conor
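
The SP-initiated flow discussed above for bookmarks and direct access, as an added example that is not part of the original message: the SP remembers the requested page, then sends an AuthnRequest to the IdP over the SAML 2.0 HTTP-Redirect binding. The endpoint URLs, function names and the `pending` store are assumptions made for illustration.

```python
import base64, secrets, zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed endpoints for illustration; not taken from the thread.
IDP_SSO_URL = "https://idp.example/sso"
SP_ENTITY_ID = "https://sp.example/metadata"
SP_ACS_URL = "https://sp.example/acs"

def safe_return_path(url):
    """Accept only a local path (+query) so the post-login redirect cannot leave the SP."""
    parts = urlsplit(url)
    if "\\" in url or parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return "/"
    return parts.path + ("?" + parts.query if parts.query else "")

def build_authn_redirect(requested_url, pending):
    """Called when an unauthenticated user hits a bookmarked SP page directly."""
    request_id = "_" + secrets.token_hex(16)
    relay = secrets.token_urlsafe(16)  # opaque token, well under the 80-byte RelayState limit
    # Server-side state: lets the ACS check InResponseTo and restore the bookmark.
    pending[relay] = (request_id, safe_return_path(requested_url))
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay})
    return IDP_SSO_URL + "?" + query

def decode_saml_request(redirect_url):
    """Reverse the binding encoding, as the IdP's SSO service would."""
    q = parse_qs(urlsplit(redirect_url).query)
    return zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15).decode()
```

In an IdP-first deployment there is no such request, so the SP has nothing to tie a returned assertion to the page the user originally asked for.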

