[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] Is a separate "ArtifactReceiver" required?
Dear Rob, Dear experts, my point is the question whether the URL carrying the SAML-Artifact can be send ***directly*** to the protected resource without the usage of an "ArtifactReceiverServlet" as separate web-application. Does the specification disallow this??? MUST I have a separate servlet to receive the artifact and redirect the user-browser??? The intention is to increase the performance, because the usage of an ArtifactReceiverServlet requires an additional redirection step at the user browser site. For a "single-click" application this is not worth worrying, but there are other scenarios in which many resources are retrieved and each performance penalty in form of a redirection causes notable delays for end-users. If we have a Servlet Container that is capable of inspecting each (!) incoming URL and recognize the SAMLart-Parameter, then this step can be omitted. The TARGET Parameter is not needed because the target is directly called. With "odd" I mean the duplication of the TARGET (as parameter and implicit in the address). Juergen Kremp SAP AG
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC