Subject: Re: [saml-dev] Questions related to SAMLv2.0
On Wed, Mar 12, 2014 at 2:32 PM, Security Developer <security.developer22@gmail.com> wrote:
>
> 1- How persistent name identifier will be established between IDP and
> multiple SPs when using SAML webSSO profile?

Practically speaking, Persistent NameIDs are created at the IdP and passed to SPs just-in-time, they are not prearranged in advance.

> 2- When SAML assertion is received by SP. Does it validate the SAML
> assertion locally or it calls the IDP for SAML assertion validation?

Well, it wouldn't make much sense for an IdP to validate its own assertion. The SP validates the assertion according to the SAML spec. The SP verifies the signature on the assertion using a key obtained out-of-band, often via trusted metadata.

> 3- In which request form SAML assertions pass from one SP to another and so
> on in order to achieve webSSO?

In my world, anyway, assertions travel from IdP to SP only. The only exception is the IdP Proxy (which you can read about in SAML Core). In that case, the IdP Proxy is both a consumer and producer of assertions, that is, it is both an SP and an IdP.

Hope this helps,

Tom
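Added example, not part of the message above and not code from any SAML product: one way an IdP can mint the persistent NameID from answer 1 on demand, so that each SP gets a stable, pairwise value with nothing provisioned in advance. The entity IDs, user name, secret and function names are constructed for illustration; the HMAC derivation is an assumption, not something the SAML spec mandates.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed values: placeholders for the IdP's entityID and its private salt.
IDP_ENTITY_ID = "https://idp.example.org/idp"
IDP_SECRET = b"constructed-demo-secret-keep-in-a-vault"


def persistent_id(local_user: str, sp_entity_id: str) -> str:
    """Derive an opaque pairwise identifier for (user, SP).

    Computed when the SP's first AuthnRequest for this user arrives, so the
    SP needs no prior provisioning. The keyed hash keeps the value stable
    for one SP, different across SPs (no cross-SP correlation), and not
    reversible to the local user name without the IdP's secret.
    """
    # NUL separator avoids ambiguity between the two concatenated fields.
    msg = sp_entity_id.encode() + b"\x00" + local_user.encode()
    digest = hmac.new(IDP_SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def build_name_id(local_user: str, sp_entity_id: str) -> ET.Element:
    """Build the <saml:NameID> the IdP places in the assertion's Subject."""
    el = ET.Element(f"{{{SAML_NS}}}NameID", {
        "Format": PERSISTENT,
        "NameQualifier": IDP_ENTITY_ID,      # the IdP that issued the ID
        "SPNameQualifier": sp_entity_id,     # the SP the ID is scoped to
    })
    el.text = persistent_id(local_user, sp_entity_id)
    return el


if __name__ == "__main__":
    ET.register_namespace("saml", SAML_NS)
    # Constructed SP entityIDs: same user, two SPs, two unrelated NameIDs.
    for sp in ("https://wiki.example.com/sp", "https://mail.example.net/sp"):
        print(ET.tostring(build_name_id("alice", sp), encoding="unicode"))
```

An IdP that instead stores a random value per (user, SP) pair on first use gets the same pairwise property and can additionally revoke or reassign an identifier.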