OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Authentication on IDP.

Title: Message
Sorry forgot to mention that the SPB uses a certificate (PKI or similar) for authentication.
-----Original Message-----
From: Sarno, Giuseppe [MOP:GM15:EXCH]
Sent: 31 October 2005 16:23
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] Authentication on IDP.

I'm trying to understand how the IDP knows what credential to apply in case of authentication challenge in a SSO scenario.

Pricipal seen as USER_A on SPA and USER_B on SPB and USER_IDP on IDP

SPA initiated:
SPA redirect (for example) authrequest to IDP indicating that the AuthContext_A AuthContext should be applied to the user.

Question 1: 
in case Context_A = userId/password, what user Id should be used ?
        The one known at the IDP (USER_IDP) (which means we can only use the user identifier at the IDP for that circle of trust)

        or (in case the ID has the knowledge) could actually use the USER_A as known at SPA.

SPB Initiated

Quetion 2:
in case of Context_B = again where the IDP gets the certificate from ?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]