OASIS Mailing List Archives

saml-dev message


Subject: RE: [saml-dev] Use of Provider ID in Redirect-Artifact Profile


> But again, this requires SP to know beforehand that so and so IDP has so and
> so ProviderID, which is not desired.

This wasn't a use case for the TC and I don't think the specs really support
it at this stage. But I guess one piece of advice would be to dump artifact.
If you really want to do this dynamically (and I think you're going to find
that becomes very difficult in practice), then use POST.

> I am trying to avoid this step. I'd
> like a self-arranging implementation where services are discovered using XRI
> Resolution Only and not by out of band exchange (as far as feasible). This
> is important. This is the reason why I want to discover the IDP using a
> common domain cookie upon receiving SAML Artifact.

A common domain usually assumes prior set up so that the entities all have a
presence in the domain. It runs counter to your use case. It's also in
conflict because if the SP uses the CDC to decide what IdP to use, then
obviously it *knows* about the IdP. So you'd have the providerId.

-- Scott
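
Added example, not part of the original message: a sketch of why the artifact binding depends on the SP already knowing the IdP's identifier. It assumes the SAML 2.0 type 0x0004 artifact layout (TypeCode, EndpointIndex, 20-byte SourceID = SHA-1 of the issuer's identifier, 20-byte MessageHandle); the identifiers and function names are constructed for illustration.

```python
import base64
import hashlib
import os
import struct

# Constructed sample: IdP identifiers the SP already holds metadata for.
KNOWN_IDPS = ["https://idp.example.org/saml", "https://login.example.net/idp"]


def build_artifact(provider_id, endpoint_index=0, handle=None):
    """Issuer side: TypeCode 0x0004 | EndpointIndex | SHA-1(id) | 20-byte handle."""
    source_id = hashlib.sha1(provider_id.encode("utf-8")).digest()
    handle = handle if handle is not None else os.urandom(20)
    raw = struct.pack(">HH", 0x0004, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact_b64):
    """Split an artifact into (endpoint_index, source_id, message_handle)."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must decode to 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError("unsupported artifact type code %#06x" % type_code)
    return endpoint_index, raw[4:24], raw[24:]


def resolve_issuer(artifact_b64, known_provider_ids):
    """Map SourceID back to a provider the SP already knows, else None.

    SourceID is a one-way hash, so the only way to turn it into a
    resolution endpoint is to compare it against hashes of identifiers
    the SP has been configured with in advance.
    """
    _, source_id, _ = parse_artifact(artifact_b64)
    table = {hashlib.sha1(p.encode("utf-8")).digest(): p
             for p in known_provider_ids}
    return table.get(source_id)


if __name__ == "__main__":
    known = build_artifact(KNOWN_IDPS[0])
    unknown = build_artifact("https://unlisted-idp.example.com/")
    print(resolve_issuer(known, KNOWN_IDPS))    # matches a configured IdP
    print(resolve_issuer(unknown, KNOWN_IDPS))  # None: nothing to dereference
```

An SP that gets `None` here has no endpoint to send the artifact resolution request to, whereas a POSTed response carries the issuer in the message itself.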
