Subject: Re: [saml-dev] SAML authority
On 9/14/06, Manuel Ernstberger <MErnstberger@gmx.de> wrote:
>
> although it might be a bit out of scope for SAML, I'd like to know how a SAML authority can gain information needed for creating assertions. Can it communicate for example with an LDAP directory?

The act of authentication at the identity provider (IdP) *is* out of scope, but certainly LDAP authentication is common. The attribute authority at the IdP may also leverage LDAP to obtain attributes about a principal.

> And how can it determine whether a subject has been authenticated to an SP?

The IdP (not the SP) is responsible for identifying the principal, so I'm not sure I understand your question. An IdP in a particular SAML V2.0 implementation may maintain state that includes all the SPs it has issued assertions to (for the purposes of logout, e.g.) but the IdP is not aware of what access (if any) was granted at a particular SP.

Hope this helps,
Tom
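Added example, not part of the original message and not taken from any SAML product: a sketch of an IdP that builds an assertion from directory attributes and records each SP it issues to, which is the only per-SP state it holds. The in-memory `DIRECTORY` (standing in for an LDAP search result), the `RELEASE` policy, the `IdPSession` class and all entity IDs are constructed assumptions; a real assertion would also be signed.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", NS)

# Constructed stand-in for an LDAP search result (DN -> attributes).
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=org": {
    "mail": ["alice@example.org"],
    "eduPersonAffiliation": ["staff", "member"],
    "userPassword": ["{SSHA}constructed"],  # must never leave the IdP
}}
# Hypothetical per-SP attribute release policy.
RELEASE = {"https://sp.example.org/saml": ["mail", "eduPersonAffiliation"]}

def el(parent, tag, text=None, **attrs):
    node = ET.SubElement(parent, f"{{{NS}}}{tag}", attrs)
    node.text = text
    return node

class IdPSession:
    """IdP-side state for one authenticated principal."""
    def __init__(self, dn):
        self.dn = dn
        self.session_index = "_" + secrets.token_hex(16)
        self.participants = []  # SPs issued an assertion; used for logout

    def issue_assertion(self, idp, sp):
        now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        a = ET.Element(f"{{{NS}}}Assertion", {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": now})
        el(a, "Issuer", idp)
        el(el(a, "Subject"), "NameID", "_" + secrets.token_hex(16))  # transient id, not the DN
        el(el(el(a, "Conditions"), "AudienceRestriction"), "Audience", sp)
        authn = el(a, "AuthnStatement", AuthnInstant=now, SessionIndex=self.session_index)
        el(el(authn, "AuthnContext"), "AuthnContextClassRef",
           "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
        entry = DIRECTORY[self.dn]
        names = [n for n in RELEASE.get(sp, []) if n in entry]  # unknown SP: nothing released
        if names:
            stmt = el(a, "AttributeStatement")
            for name in names:
                attr = el(stmt, "Attribute", Name=name)
                for value in entry[name]:
                    el(attr, "AttributeValue", value)
        if sp not in self.participants:
            self.participants.append(sp)  # the IdP learns nothing about access granted at the SP
        return a
```
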