[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] session in AuthnStatement
> the SAML2.0 core specification says that the SessionIndex > attribute is used for the session between a principal and the > authenticating authority. What is the intention of this > attribute? Can it be used to find the authenticating authority? the intention of this attribute is to be able to differentiate between different authenticcation sessions of the principal at the same relying party. So a user could be authenticated to the same IdP and visit the same SP from multiple computers. Each SSO session would be independent, so when the user logged out from their SSO session on computer 1, the IdP could send single-logout messages to the SP without impacting the user's session on computer 2. > And is it possible to save the session between a subject and > a service provider? Perhaps as an extension in the AuthnContext? I'm not sure what you're asking here. The SSO session index is only used to differentiate between simultaneous independent SSO sessions with the IdP and not to track any other information about the session. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]