Subject: RE: [saml-dev] Implementation of SSO solution in intranet with proxy using SAML
We have exactly the deployment you describe. We have always considered the "SP" part to be those proxy components on our perimeter, never the individual backend systems - another way to state what Scott said.

Mike Beach
Technical Fellow
Chief Designer, Information Security
The Boeing Company

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, October 06, 2010 7:46 AM
To: 'Oliver Wulff'; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] Implementation of SSO solution in intranet with proxy using SAML

> 1) The use cases described in the technical overview for web sso show a
> browser which goes first to the SP or IdP and accesses then the other site.
> Redirects are used to point the browser to the one or other entity.
> In the above SSO use case, the technical architecture differs in the fact
> that the browser can't access the SP directly. So the browser exchanges
> messages with the proxy only.

Then the target app is not an SP. SAML browser SSO is between an IdP, SP, and a client browser talking to both. That's it. You can implement an SP in a reverse proxy that covers a lot of back-end servers, but the SAML part ends at the proxy and the rest is up to the proxy and the back-end to work out.

-- Scott