Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
I think that's fine.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

> -----Original Message-----
> From: Bhavna Bhatnagar [mailto:bhavna.bhatnagar@sun.com]
> Sent: Tuesday, May 21, 2002 11:44 AM
> To: Philpott, Robert; bhavna.bhatnagar@sun.com; saml-dev@lists.oasis-open.org; pmishra@netegrity.com
> Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
>
> Prateek/Rob,
> Thanks for the explanation. Even though the user-friendly way makes more
> sense, where you automatically get redirected to the content app after
> successful login, I don't think we here have the time to support it. We may
> just redirect to the list of URLs, hope that would be ok.
>
> Thanks
>
> Bhavna
>
> >Date: Mon, 20 May 2002 10:02:36 -0400
> >From: "Mishra, Prateek" <pmishra@netegrity.com>
> >Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
> >To: "'Philpott, Robert'" <rphilpott@rsasecurity.com>, "'Bhavna Bhatnagar'" <bhavna.bhatnagar@sun.com>, saml-dev@lists.oasis-open.org
> >
> >Bhavna,
> >
> >Rob has already discussed the main issue in his note: on unauthorized
> >access, the content site offers a choice of inter-site portal
> >URLs, and after user site selection the content site re-directs to the
> >portal site with TARGET set to a specific value. I had planned to
> >describe this explicitly in the draft (as described in message
> >
> >http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html
> >
> >) but forgot to include this material in the draft. I will do
> >so today so we are all on the same page tomorrow.
> >
> >- prateek
> >
> >>>> In D above, I am not sure what is the expected behaviour. If we
> >>>> redirect to portal login, then after logging in, one would be
> >>>> displayed a content page with links to content hosted at distinct
> >>>> web sites, but I would think that the user would expect to be taken
> >>>> directly to the content application after a successful login upon
> >>>> redirection. Does anyone think alike or if not can someone please
> >>>> clarify the expected flow?
> >>>
> >>>I think what was intended was just what it says - an authenticated user
> >>>hitting the content provider will get redirected to the portal for login.
> >>>However, the description should say more about what happens next. After
> >>>authenticating the user, the portal could have 2 choices.
> >>>
> >>>First, the portal could display the links page that refers to the ISX
> >>>(inter-site transfer) service. The user would then have to click to get
> >>>back to the original content provider. Of course the click really gets
> >>>them to the ISX with a TARGET= parameter and the ISX creates the artifact
> >>>and sends them to the remote artifact receiver URL. That then gets them
> >>>to the content application once the assertion is retrieved. Obviously,
> >>>getting the links page and clicking on it isn't very user-friendly.
> >>>
> >>>However, if the content provider redirects to the portal AND supplies a
> >>>TARGET= parameter on the redirect, the portal could authenticate the user
> >>>and transfer directly to the ISX service with the supplied TARGET=
> >>>parameter. The user would then not have to see the links page. As in the
> >>>normal case, the ISX would create the artifact and send the user back to
> >>>the remote SAML artifact receiver. Once the assertion is retrieved, the
> >>>user will see the content provider page they wanted.
> >>>
> >>>The 2nd scenario is more user-friendly, but it requires a vendor's
> >>>content site to redirect to the portal with the TARGET= parameter.
> >>>
> >>>Can other vendors do this? I am planning for us to handle either method.
> >>>
> >>>Prateek, could we update the scenario to describe this or do we have to
> >>>just stick with the first method?
> >>>
>
> ________________________________________________________________________
> Bhavna Bhatnagar                          Sun Microsystems Inc.
> Identity Management group                        __o
> Tel: 408-276-3591                              _`\<,_
>                                               (*)/ (*)
> ________________________________________________________________________
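
The two portal behaviours described in the quoted messages (links page versus direct transfer to the ISX with a supplied TARGET=), as an added sketch that is not code from the thread or from any participant's product. Host names, paths, the `PARTNERS` table and all function names are assumptions; `SAMLart` is the artifact query parameter of the SAML browser/artifact profile, and the random token only stands in for a real artifact.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample data: content sites known to the portal's ISX, mapped to
# each site's SAML artifact receiver URL (hypothetical hosts and paths).
PARTNERS = {
    "content.example.org": "https://content.example.org/saml/artifact-receiver",
}
LOGIN_URL = "https://portal.example.com/login"  # hypothetical portal login
ISX_URL = "https://portal.example.com/isx"      # hypothetical inter-site transfer service


def content_site_redirect(requested_url, supply_target):
    """Content site: send an unauthenticated user to the portal login.
    Only the second scenario adds TARGET= to the redirect."""
    if supply_target:
        return LOGIN_URL + "?" + urlencode({"TARGET": requested_url})
    return LOGIN_URL


def portal_after_login(login_url):
    """Portal: after authenticating the user, choose the next hop."""
    target = parse_qs(urlsplit(login_url).query).get("TARGET", [None])[0]
    if target is None:
        # First scenario: links page, one ISX link per known content site.
        links = [ISX_URL + "?" + urlencode({"TARGET": "https://%s/" % host})
                 for host in PARTNERS]
        return "links_page", links
    # Second scenario: transfer directly to the ISX with the supplied TARGET.
    return "redirect", ISX_URL + "?" + urlencode({"TARGET": target})


def isx_transfer(isx_request_url):
    """ISX: create an artifact and send the user to the artifact receiver of
    the site hosting TARGET. A TARGET on an unknown host is refused, because
    the ISX has no receiver URL for it."""
    target = parse_qs(urlsplit(isx_request_url).query)["TARGET"][0]
    parts = urlsplit(target)
    receiver = PARTNERS.get(parts.hostname or "")
    if parts.scheme != "https" or receiver is None:
        raise ValueError("TARGET is not hosted by a known content site")
    artifact = secrets.token_urlsafe(32)  # stand-in, not the SAML artifact encoding
    return receiver + "?" + urlencode({"SAMLart": artifact, "TARGET": target})
```
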