OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] SAML 2.0 IsPassive option


* Chiranga Alwis <chirangaalwis@gmail.com> [2016-05-10 07:13]:
> Does this property have a connection with active and passive
> profiles in single-sign-on?

"active" and "passive" are not SAML terms; I think those come from
Microsoft to distinguish standard-web-browser-with-no-software-added
("passive") flows from cases where software plays a more active role
in mediating SSO, something like ECP in SAML.

So no, active and passive (the way you'll likely think about those)
have nothing to do with isPassive.

isPassive signals to the IDP that it can't put up an HTML page and
prompt the subject for authentication (or anything else, really) --
which would be the expected behaviour IF the subject still had an SSO
session, and now this behaviour is also demanded in case the subject
does NOT have an active SSO session at the IDP anymore.
With an active SSO session at the IDP the subject will return with a
new SAML assertion (I think), without an active SSO session at the IDP
the subject will return with a different SAML protocol message.
-peter
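
Added example, not part of the message above or of any OASIS code: an SP-side sketch in Python that builds an AuthnRequest with IsPassive="true" and tells the two outcomes apart. In SAML 2.0 Core the no-session case comes back as a samlp:Response with no assertion and the nested status code urn:oasis:names:tc:SAML:2.0:status:NoPassive. The function names and sample messages are constructed for illustration, and signature verification is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def build_passive_request(request_id, issuer, acs_url, instant):
    """SP side: AuthnRequest telling the IdP it must not interact with the user."""
    req = ET.Element(f"{{{P}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": instant,
        "IsPassive": "true", "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(req, f"{{{A}}}Issuer").text = issuer
    return ET.tostring(req, encoding="unicode")

def classify_response(xml_text, expected_request_id):
    """Return 'authenticated', 'no_passive' or 'error'.

    Assumes the signature was already verified and the XML came through a
    hardened parser; neither step is shown here.
    """
    resp = ET.fromstring(xml_text)
    if resp.tag != f"{{{P}}}Response":
        return "error"
    # Reject responses not bound to the request we sent.
    if resp.get("InResponseTo") != expected_request_id:
        return "error"
    top = resp.find(f"{{{P}}}Status/{{{P}}}StatusCode")
    if top is None:
        return "error"
    # iter() yields the top-level code first, then any nested codes.
    nested = [c.get("Value") for c in top.iter(f"{{{P}}}StatusCode")][1:]
    if top.get("Value") == STATUS + "Success":
        found = resp.find(f"{{{A}}}Assertion") is not None \
            or resp.find(f"{{{A}}}EncryptedAssertion") is not None
        return "authenticated" if found else "error"
    # No IdP session: the SP should now start its normal interactive login.
    return "no_passive" if STATUS + "NoPassive" in nested else "error"

# Constructed sample responses (unsigned, trimmed to the relevant elements).
_HEAD = (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" ID="_r1" '
         'Version="2.0" InResponseTo="_req1"><samlp:Status>')
SAMPLE_SUCCESS = (_HEAD + f'<samlp:StatusCode Value="{STATUS}Success"/></samlp:Status>'
                  '<saml:Assertion ID="_a1" Version="2.0"/></samlp:Response>')
SAMPLE_NO_PASSIVE = (_HEAD + f'<samlp:StatusCode Value="{STATUS}Responder">'
                     f'<samlp:StatusCode Value="{STATUS}NoPassive"/>'
                     '</samlp:StatusCode></samlp:Status></samlp:Response>')
```

Treating "no_passive" as a distinct, expected outcome keeps a silent session check from being logged as an authentication failure or retried in a loop.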


