[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML 2.0 - Name Qualifier Question
Hi,

> TB does federate the identifier. What I meant was that the TB doesn't maintain any user
> information in its repository (persistence). Once the user federates from
> IDP to TB, TB verifies the SAML response document and, if it is valid,
> maintains the user information (subject value and attributes) sent by the IDP
> in session; it then displays the list of websites the user can access (SP
> websites). The user clicks on a website, TB federates the user information
> (containing the value sent by the IDP) to the SP, the SP then validates it, creates the
> necessary credentials and routes the user to the website.

This scenario can be broken into two IDP-SP sub-scenarios:

<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="idp1.com">joe</saml:NameID>

<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="tb.com">joe</saml:NameID>

Thanks,
Mrigank.

From: i2ware i2ware [mailto:i2coder@gmail.com]

Thanks Tom & Scott for the response. TB does federate the identifier. What I meant was that the TB doesn't maintain any user information in
its repository (persistence). Once the user federates from IDP to TB, TB
verifies the SAML response document and, if it is valid, maintains the user
information (subject value and attributes) sent by the IDP in session; it
then displays the list of websites the user can access (SP websites). The user
clicks on a website, TB federates the user information (containing the value
sent by the IDP) to the SP, the SP then validates it, creates the necessary credentials and
routes the user to the website.
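The two-hop flow discussed in this thread (IDP to TB, then TB to SP), as an added example that is not code from the thread or from any of the posters: it parses the NameID out of the IdP's response, applies a receiver-side qualifier check, and then re-issues the identifier qualified by the broker's own domain, the way the second NameID above shows. The sample Response, the entity IDs idp1.com / tb.com / sp1.com, and the policy in check_qualifiers (NameQualifier must match the expected issuer, SPNameQualifier if present must name the receiver) are all constructed or assumed for this example; signature verification, which the thread says TB performs first, is left out.

```python
# Added example, not code from this thread. Parses the NameID an IdP sends to
# the trust broker (TB), checks its qualifiers, and re-issues it qualified by
# the broker's own domain, as in the two sub-scenarios in the thread.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample: a minimal, unsigned response from idp1.com to the broker.
# Signature and condition checks are out of scope here; the thread assumes TB
# "verifies the SAML response document" before trusting anything inside it.
IDP_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
  <saml:Issuer>idp1.com</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
    <saml:Issuer>idp1.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                   NameQualifier="idp1.com" SPNameQualifier="tb.com">joe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def parse_name_id(el, issuer=""):
    """Turn a saml:NameID element into a dict. An absent NameQualifier is taken
    to be the assertion issuer (the SAML 2.0 Core default for persistent ids);
    this example applies that default to every format."""
    value = (el.text or "").strip()
    if not value:
        raise ValueError("empty NameID")
    return {"issuer": issuer,
            "value": value,
            "format": el.get("Format", ""),
            "name_qualifier": el.get("NameQualifier", issuer),
            "sp_name_qualifier": el.get("SPNameQualifier")}


def extract_name_id(response_xml):
    """Pull issuer and NameID out of the (first) Assertion in a Response."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in Response")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("no NameID in Subject")
    return parse_name_id(name_id, issuer)


def check_qualifiers(name_id, expected_issuer, my_entity_id):
    """Receiver-side policy (assumed for this example): the identifier must be
    qualified by the party we expect to have issued it, and an SPNameQualifier,
    if present, must name us rather than some other SP or affiliation."""
    if name_id["issuer"] != expected_issuer:
        raise ValueError("assertion issuer %r, expected %r"
                         % (name_id["issuer"], expected_issuer))
    if name_id["name_qualifier"] != expected_issuer:
        raise ValueError("NameQualifier %r, expected %r"
                         % (name_id["name_qualifier"], expected_issuer))
    spq = name_id["sp_name_qualifier"]
    if spq is not None and spq != my_entity_id:
        raise ValueError("SPNameQualifier %r is not for %r" % (spq, my_entity_id))
    return True


def broker_reissue(name_id, broker_entity_id, sp_entity_id, fmt=PERSISTENT):
    """Build the NameID the broker forwards to the SP (second sub-scenario):
    same value, NameQualifier now the broker's domain, and the format changed
    to persistent as the thread's two examples imply. Returns it as a string."""
    ET.register_namespace("saml", NS["saml"])
    el = ET.Element("{%s}NameID" % NS["saml"])
    el.set("Format", fmt)
    el.set("NameQualifier", broker_entity_id)
    el.set("SPNameQualifier", sp_entity_id)
    el.text = name_id["value"]
    return ET.tostring(el, encoding="unicode")


def name_id_from_xml(name_id_xml, issuer):
    """Parse a standalone saml:NameID string, e.g. what the SP receives."""
    return parse_name_id(ET.fromstring(name_id_xml), issuer)


if __name__ == "__main__":
    nid = extract_name_id(IDP_RESPONSE)                   # IDP -> TB hop
    check_qualifiers(nid, "idp1.com", "tb.com")           # TB checks idp1.com's id
    forwarded = broker_reissue(nid, "tb.com", "sp1.com")  # TB -> SP hop
    sp_view = name_id_from_xml(forwarded, "tb.com")
    check_qualifiers(sp_view, "tb.com", "sp1.com")        # SP checks tb.com's id
    print(forwarded)
```

Each hop is checked against the party that issued that hop's identifier: TB only accepts an identifier qualified by idp1.com and addressed to tb.com, and the SP only accepts one qualified by tb.com and addressed to itself. In a real broker the re-issued NameID would sit inside a new, broker-signed assertion rather than being handed over as a bare element.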