OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SAML 2.0 new features help.

> I thought SAML would provide a way to allow SP sessions without using
> cookies (which I think this is implementation specific). I guess this
> was a wrong assumption.

SAML doesn't define SP sessions, that's implementation specific. As far as
using SSO without cookies, that's right up there with breathing without
lungs. You can probably do it, but the baggage you'll be carrying around is
pretty cumbersome.

> Could for this reason (SP session) the RelayState be used ? Otherwise
> which is the purpose of this info ?

No. It's for preserving state between a request to the IdP and the response,
which is why you can usually just use a cookie and not bother with it.

> The other thing I now understand that the cookie problem is mainly for
> IDP discovery (talking about cookies I thought it was merely a session
> problem).
> So I was looking for answers on the specs in the wrong place.

Yes, the only cookie formally defined anywhere in SAML is just an example of
how to solve that caching problem.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]