[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services-comment] Fwd: SAML attributes for Kerberos
> > (3) use the Kerberos S4U mechanisms, where the IdP obtains a ticket > > from the KDC on behalf of the SP. The SP uses the already-defined > > Kerberos Attribute Profile facilities to request the ticket from the > > IdP. > > > > On the basis of the information available to me, (3) is my suggested > > approach. The specific case we have in mind, I think, is one where the user's password will be available to the IdP so that a TGT can be obtained wihtout S4U. The question at hand seems to be what needs to be in the assertion, and I'll let CMU address why they believe the AP_REQ isn't the right thing to transmit. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]