OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Use of Provider ID in Redirect-Artifact Profile

> But again, this requires SP to know beforehand that so and so IDP has so
> so ProviderID, which is not desired.

This wasn't a use case for the TC and I don't think the specs really support
it at this stage. But I guess one piece of advice would be to dump artifact.
If you really want to do this dynamically (and I think you're going to find
that becomes very difficult in practice), then use POST.

> I am trying to avoid this step. I'd 
> like a self-arranging implementation where services are discovered using
> Resolution Only and not by out of band exchange (as far as feasible). This

> is important. This is the reason why I want to discover the IDP using a 
> common domain cookie upon recceiving SAML Artifact.

A common domain usually assumes prior set up so that the entities all have a
presence in the domain. It runs counter to your use case. It's also in
conflict because if the SP uses the CDC to decide what IdP to use, then
obviously it *knows* about the IdP. So you'd have the providerId.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]