Subject: RE: new to OpenSAML
> > www.abc.com will authenticate the user. If authentication succeeds,
> > www.abc.com will create an SAML AuthenticationResponse (in
> > correlation to SAML Request sent by www.xyz.com, see document for
> > details) containing SAML Authentication Assertions.
>
> This is an incorrect interpretation. SAML assumes that a user has previously
> authenticated against the Authentication Authority. The Authentication
> Request is a request for information about this previous event.

You're also a little off. The 1.1 SSO profiles don't formally call out a step that you can call an "authn request". The new 2.0 profile does, but 1.1 starts with the user at the source site, so authentication is pre-supposed.

> SAML 1.1 core spec, 3.3.3 Element <AuthenticationQuery>
>
> "The <AuthenticationQuery> element MUST NOT be used as a request for a
> new authentication using credentials provided in the request.
> <AuthenticationQuery> is a request for statements about authentication
> acts that have occurred in a previous interaction between the indicated
> subject and the Authentication Authority."

Right, but AuthenticationQuery isn't used anywhere in the SSO profiles and it's entirely distinct from the use case being discussed.

-- Scott