Subject: Re: [saml-dev] SAML & establishing an SSO connection
Lucas, Mike wrote at 2014-12-9 18:05 +0000:
>Imagine we want to have SSO between Site A and Site B, and the normal usage is for Site A to be the IdP, and Site B to be the SP.
>
>However, before the "connection" is established between these sites for a particular principal, Site A and B don't have any common information about the principal to agree upon. They don't want to use a back-channel, so they need a use case to establish a common identifier.

The typical case is that the IdP assigns an identifier "i" and passes it to the SP and the SP uses the identifier "IdP:i" (i.e., "i" qualified by the IdP; the qualification may be required when SP interacts with other IdPs which might assign the same "i" to one of their users). If the IdP, too, internally uses "IdP:i", you get a common identifier used universally -- without any back-channel.

--
Dieter
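An added sketch, not part of the original message, of the SP-side "IdP:i" mapping described in the reply above. The names `qualified_id` and `AccountLinker`, the entity IDs and the identifier values are constructed for illustration, and the issuer is assumed to come from an assertion whose signature the SP has already verified.

```python
from urllib.parse import quote


def qualified_id(idp_entity_id: str, name_id: str) -> str:
    """Build the "IdP:i" key used by the SP.

    Entity IDs are usually URLs and contain ':' themselves, so both parts are
    percent-encoded; the single remaining ':' is then an unambiguous boundary.
    """
    if not idp_entity_id or not name_id:
        raise ValueError("issuer and identifier are both required")
    return f"{quote(idp_entity_id, safe='')}:{quote(name_id, safe='')}"


class AccountLinker:
    """Hypothetical SP-side table: qualified identifier -> local account."""

    def __init__(self, trusted_idps):
        self.trusted = set(trusted_idps)
        self.links = {}
        self._next = 1

    def resolve(self, idp_entity_id: str, name_id: str) -> str:
        # Only identifiers issued by an IdP the SP federates with are accepted.
        if idp_entity_id not in self.trusted:
            raise PermissionError(f"unknown IdP: {idp_entity_id}")
        key = qualified_id(idp_entity_id, name_id)
        if key not in self.links:
            # First SSO for this principal: establish the common identifier.
            self.links[key] = f"local-{self._next}"
            self._next += 1
        return self.links[key]


if __name__ == "__main__":
    sp = AccountLinker({"https://idp-a.example", "https://idp-b.example"})
    # Two IdPs happen to assign the same "i" to different users.
    print(sp.resolve("https://idp-a.example", "i-1001"))  # local-1
    print(sp.resolve("https://idp-b.example", "i-1001"))  # local-2
    print(sp.resolve("https://idp-a.example", "i-1001"))  # local-1 again
```

Keying the table on the bare "i" would map both IdPs' users to the same local account, which is the collision the qualification prevents.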