OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Implementation of SSO solution in intranet with proxy using SAML

> 1) The usecases described in the technical overview for web sso show a
> browser which goes first to the SP or IdP and accesses then the other
site.
> Redirects are used to point the browser to the one or other entity.
> In the above SSO usecase, the technical architecture differs in the fact
> that the browser can't access the SP directly. So the browser exchange
> messages with the proxy only.

Then the target app is not an SP. SAML browser SSO is between an IdP, SP,
and a client browser talking to both. That's it.

You can implement an SP in a reverse proxy that covers a lot of back-end
servers, but the SAML part ends at the proxy and the rest is up to the proxy
and the back-end to work out.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]