saml-dev message

Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02

> Rob has already discussed the main issue in his note: on unauthorized

I think (hope) you mean "unauthenticated"

I assume that unauthorized access will get some kind of 403 error.


> access, the content site offers a choice of inter-site portal
> URLs, and after user site selection the content site re-directs to the
> portal site with TARGET set to a specific value. I had planned to describe
> this explicitly in the draft (as described in message
> http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html)
> but forgot to include this material in the draft. I will do
> so today so we are all on the same page tomorrow.
> - prateek
> >>>
> >>> In D above, I am not sure what is the expected behaviour. If we redirect
> >>> to portal login, then after logging in, one would be displayed a content
> >>> page with links to content hosted at distinct web sites, but I would think
> >>> that the user would expect to be taken directly to
> >>> the content application after a successful login upon redirection. Does
> >>> anyone think alike or if not can someone please clarify the expected
> >>> flow?
> >>
> >>I think what was intended was just what it says - an authenticated user
> >>hitting the content provider will get redirected to the portal for login.
> >>However, the description should say more about what happens next. After
> >>authenticating the user, the portal could have 2 choices.
> >>
> >>First, the portal could display the links page that refers to the ISX
> >>(inter-site transfer) service.  The user would then have to click to get
> >>back to the original content provider.  Of course the click really gets them
> >>to the ISX with a TARGET= parameter and the ISX creates the artifact and
> >>sends them to the remote artifact receiver URL.  That then gets them to the
> >>content application once the assertion is retrieved.  Obviously, getting the
> >>links page and clicking on it isn't very user-friendly.
> >>
> >>However, if the content provider redirects to the portal AND supplies a
> >>TARGET= parameter on the redirect, the portal could authenticate the user
> >>and transfer directly to the ISX service with the supplied TARGET=
> >>parameter.  The user would then not have to see the links page.  As in the
> >>normal case, the ISX would create the artifact and send the user back to the
> >>remote SAML artifact receiver.  Once the assertion is retrieved, the user
> >>will see the content provider page they wanted.
> >>
> >>The 2nd scenario is more user-friendly, but it requires a vendor's content
> >>site to redirect to the portal with the TARGET= parameter.
> >>
> >>Can other vendors do this?  I am planning for us to handle either method.
> >>
> >>Prateek, could we update the scenario to describe this or do we have to just
> >>stick with the first method?
> >>
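
The second scenario described in the quoted text, traced hop by hop, as an added example that is not part of the original message or of any vendor's implementation. Host names, paths, function names, the partner table and the opaque artifact token are assumptions made for illustration; `SAMLart` is the SAML 1.x query parameter that carries the artifact.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample deployment: host names and paths are hypothetical.
PORTAL_LOGIN = "https://portal.example/login"
PORTAL_ISX = "https://portal.example/isx"
# ISX partner table: content-site host -> that site's artifact receiver URL.
RECEIVERS = {"content.example": "https://content.example/saml/receiver"}
_pending = {}  # artifact -> (user, target); stands in for the portal's assertion store


def content_redirect(requested_url):
    """Content site: request without a session -> redirect to portal carrying TARGET."""
    return PORTAL_LOGIN + "?" + urlencode({"TARGET": requested_url})


def portal_after_login(login_url):
    """Portal: after authenticating, pass the supplied TARGET straight to the ISX."""
    target = parse_qs(urlsplit(login_url).query)["TARGET"][0]
    return PORTAL_ISX + "?" + urlencode({"TARGET": target})


def isx_transfer(isx_url, user):
    """ISX: mint a one-time artifact and redirect to the partner's receiver."""
    target = parse_qs(urlsplit(isx_url).query)["TARGET"][0]
    parts = urlsplit(target)
    # Only TARGETs on a known partner host are honoured (assumed policy).
    receiver = RECEIVERS.get(parts.hostname) if parts.scheme == "https" else None
    if receiver is None:
        raise ValueError("TARGET is not a known partner site")
    artifact = secrets.token_urlsafe(32)  # opaque stand-in, not the SAML artifact format
    _pending[artifact] = (user, target)
    return receiver + "?" + urlencode({"TARGET": target, "SAMLart": artifact})


def receiver_redeem(receiver_url):
    """Receiver: redeem the artifact once (back channel simulated), then go to TARGET."""
    q = parse_qs(urlsplit(receiver_url).query)
    user, bound_target = _pending.pop(q["SAMLart"][0])  # KeyError on replay
    if bound_target != q["TARGET"][0]:
        raise ValueError("TARGET does not match the one bound to the artifact")
    return user, bound_target
```
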
