[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Does John Doe actually have to hit a Submit button to send the encrypted Authentication Response to CarRentalInc?
The common solution is to
use the SAML artifact message which typically can be done totally within an HTTP
Redirect message, requiring no user
interaction.
If the IdP chooses to use
the BrowserPost profile, they will typically include Javascript that
automatically runs when the form is loaded in the browser and submits the
form. Of course, fi the user has javascript disabled (not too likely
nowadays), the form will show as a button that must be selected by the user --
but that typically isn't an issue as most have javascript
enabled.
In neither case is the
work done "behind the scenes" as the browser has to go to CarRentalInc and John
should see that happen. In the FormPost, the assertion data will
typically be in a hidden field on the form so the user doesn't physically see it
(and of course, in the artifact model they don't see it
either).
Conor
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]