OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: new to OpenSAML

Title: RE: new to OpenSAML

> www.abc.com will authenticate the user. If authentication succeeds,
> www.abc.com will create an SAML AuthenticationResponse  ( in
> corrrelation to SAML Request sent by www.xyz.com, see document for
> details ) containing SAML Authnetication Assertions.

This is incorrect interpretation. SAML assumes that a user has previously
authenticated against the Authentication Authority. The Authentication Request
is a request for information about this previous event.

SAML1.1 core spec , 3.3.3 Element <AuthenticationQuery>

"The <AuthenticationQuery> element MUST NOT be used as a request for a
new authentication using credentials provided in the request.
<AuthenticationQuery> is a request for statements about authentication
acts that have occurred in a previous interaction between the indicated
subject and the Authentication Authority."


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]