OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] Is a separate "ArtifactReceiver" required?


Dear Rob, Dear experts,

My point is the question whether the URL carrying the SAML-Artifact can be sent ***directly*** to the protected resource without the usage of an "ArtifactReceiverServlet" as a separate web application.

Does the specification disallow this??? 
MUST I have a separate servlet to receive the artifact and redirect the user-browser???

The intention is to increase the performance, because the usage of an ArtifactReceiverServlet requires an additional redirection step at the user browser site.
For a "single-click" application this is not worth worrying about, but there are other scenarios in which many resources are retrieved and each performance penalty in the form of a redirection causes notable delays for end users.

If we have a Servlet Container that is capable of inspecting each (!) incoming URL and recognizing the SAMLart parameter, then this step can be omitted. The TARGET parameter is not needed because the target is directly called. With "odd" I mean the duplication of the TARGET (as parameter and implicit in the address).


Juergen Kremp
SAP AG
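
The URL inspection step described in the message, sketched as an added example that is not part of the original post or of any SAML product. It assumes the SAML 1.x type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded); the function names and the host `sp.example.test` are hypothetical.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TYPE_CODE_0001 = b"\x00\x01"   # assumed: SAML 1.x type 0x0001 artifact
ARTIFACT_LEN = 2 + 20 + 20     # TypeCode + SourceID + AssertionHandle


def parse_artifact(value):
    """Return (source_id, assertion_handle), or None if the value is malformed."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE_0001:
        return None
    return raw[2:22], raw[22:42]


def inspect_request_url(url):
    """Split an incoming URL into (artifacts, target).

    artifacts: parsed (source_id, assertion_handle) pairs, one per SAMLart.
    target:    the same URL with every SAMLart parameter removed, i.e. the
               resource address that is "implicit in the address".
    Raises ValueError when a SAMLart parameter is present but malformed, so
    the caller can reject the request before any artifact lookup.
    """
    parts = urlsplit(url)
    artifacts, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "SAMLart":
            parsed = parse_artifact(value)
            if parsed is None:
                raise ValueError("malformed SAMLart parameter")
            artifacts.append(parsed)
        else:
            kept.append((name, value))
    return artifacts, urlunsplit(parts._replace(query=urlencode(kept)))


if __name__ == "__main__":
    # Constructed sample artifact and request URL, not real values.
    art = base64.b64encode(TYPE_CODE_0001 + bytes(range(40))).decode()
    url = "https://sp.example.test/reports/q3?" + urlencode({"page": "2", "SAMLart": art})
    found, target = inspect_request_url(url)
    print(len(found), target)
```

The returned SourceID identifies which issuer to ask for the assertion, and the stripped target URL is what the protected resource should see, so the artifact is not passed on to the application.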






