OASIS Mailing List Archives

saml-dev message


Subject: RE: [saml-dev] WebSSO with transient and persistent name identifiers


> > If yes then how sessions will be managed at IDP and SP?
>
> That's a completely separate question...session management is out of
> scope with respect to SAML Web Browser SSO.

Depends on what you mean by "session". No, it doesn't deal with mechanisms by which SPs and IdPs maintain browser session state when communicating with a web server, but the Web SSO profile has support for session indices so that the Single Logout protocol/profile can be implemented.

In order to support the SLO profile, an IdP has to maintain a list of SSO indices and SPs to which it has sent Web SSO assertions for creating SSO sessions. There is quite a bit of discussion about it in SAML Core and the Profiles specs in the sections on the SLO protocol and profile.

Rob Philpott | EMC Distinguished Engineer | RSA, the Security Division of EMC
eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893

> -----Original Message-----
> From: Tom Scavo [mailto:trscavo@gmail.com]
> Sent: Saturday, August 02, 2014 7:02 PM
> To: Security Developer
> Cc: SAML Dev
> Subject: Re: [saml-dev] WebSSO with transient and persistent name
> identifiers
>
> On Sat, Aug 2, 2014 at 5:27 PM, Security Developer
> <security.developer22@gmail.com> wrote:
> >
> > Can I use persistent or transient name identifier in SAML webSSO profile?
>
> Yes, AFAIK, there are no restrictions on the name identifier used in
> SAML Web Browser SSO.
>
> > If yes then how sessions will be managed at IDP and SP?
>
> That's a completely separate question...session management is out of
> scope with respect to SAML Web Browser SSO.
>
> HTH,
>
> Tom

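The bookkeeping described in the reply above (an IdP tracking which session indices it sent to which SPs so that Single Logout can be carried out), as an added example that is not part of the original thread and not taken from any SAML product. The class, its method names, the in-memory storage and the sample entity IDs and NameID values are assumptions made for illustration.

```python
import secrets


class SessionRegistry:
    """IdP-side record of which SP received which SessionIndex (hypothetical,
    in-memory; a real IdP would persist and expire these entries)."""

    def __init__(self):
        # IdP session id -> {SP entityID: {"name_id": str, "indices": set}}
        self._sessions = {}

    def start(self):
        """Create an IdP session after the principal authenticates."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {}
        return sid

    def record_assertion(self, sid, sp_entity_id, name_id):
        """Call when a Web SSO assertion is issued to an SP. Returns the
        SessionIndex to place in that assertion's AuthnStatement."""
        index = "_" + secrets.token_hex(16)
        entry = self._sessions[sid].setdefault(
            sp_entity_id, {"name_id": name_id, "indices": set()})
        entry["indices"].add(index)
        return index

    def find_by_index(self, sp_entity_id, session_index):
        """Map an SP's LogoutRequest (issuer + SessionIndex) to the IdP session."""
        for sid, participants in self._sessions.items():
            entry = participants.get(sp_entity_id)
            if entry and session_index in entry["indices"]:
                return sid
        return None

    def logout_targets(self, sid, initiator=None):
        """End the IdP session and return (SP, NameID, SessionIndex list) for
        every SP that still needs a LogoutRequest, skipping the initiator."""
        participants = self._sessions.pop(sid, None)
        if participants is None:
            return []  # unknown or already ended: nothing to propagate
        return [(sp, e["name_id"], sorted(e["indices"]))
                for sp, e in sorted(participants.items()) if sp != initiator]


if __name__ == "__main__":
    reg = SessionRegistry()
    sid = reg.start()
    # Constructed sample values: two SPs, one transient and one persistent NameID.
    idx1 = reg.record_assertion(sid, "https://sp1.example/saml", "_transient-1")
    reg.record_assertion(sid, "https://sp2.example/saml", "persistent-user-42")
    owner = reg.find_by_index("https://sp1.example/saml", idx1)
    print(reg.logout_targets(owner, initiator="https://sp1.example/saml"))
```

The NameID is stored per SP because a transient or persistent identifier issued to one SP is generally not the value issued to another, and each propagated LogoutRequest has to carry the identifier that SP was given.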

