[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SAML 2.0 IsPassive option
* Chiranga Alwis <chirangaalwis@gmail.com> [2016-05-10 07:13]: > Does this property have a connection with active and passive > profiles in single-sign-on? "active" and "passive" are not SAML terms, I think those come from Microsoft to distinguish standard-web-browser-with-no-software-added ("passive") flows from cases where software plays a more active role in mediating SSO, somethink like ECP in SAML. So no, active and passive (the way you'll likely think about those) have nothing to do with isPassive. isPassive signals to the IDP that it can't put up a HTML page and prompt the subject for authentication (or anything else, really) -- which would be the expected behaviour IF the subject still had an SSO session, and now this behaviour is also demanded in case the subject does NOT have an active SSO session at the IDP anymore. With an active SSO session at the IDP the subject will return with a new SAML assertion (I think), without an active SSO session at the IDP the subject will return with a different SAML protocol message. -peter
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]