[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Question related to Subject Confirmation in SAML
On 3/18/14, 1:54 AM, "Security Developer" <security.developer22@gmail.com> wrote: > >I am little confused about the subject confirmation working in SAML. I >like to know, How subject conformation works in SAML using WebSSO profile? You don't have to understand it in depth to follow the profile, which tells you exactly what to put in, and exactly what to check. The purpose of subject confirmation is to limit or control who can present an assertion to authenticate to something as the subject, or under what conditions. Without subject confirmation, assertions are just data. They don't have security relevance in application protocols without subject confirmation. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]