saml-dev message

Subject: RE: [saml-dev] IDP Service


1) Has anyone had experience in building a common IDP service? What are the issues? I think the business "agreement" of a common domain is the challenging part.
I don't know what you mean by a "common IDP" service.  If you mean an IDP used by multiple SPs, then sure, there's a number of them out there and *yes* the legal agreement for the various participants is typically the stickiest part of the process.
2) Is there a profile for an IDP <--> IDP scenario? I am talking about a case where there are more IDPs and few SPs are participating. For example, if a user is logged into IDP1, and clicks on a URL to a SP (which also acts like IDP), you can bypass the <AuthnRequest> i.e., generate the SAML Assertion and send it.
This example isn't an IDP->IDP scenario, but an IDP->SP scenario and is referred to as a "push" authentication (as opposed to the more typical "pull" authentication via the AuthnRequest).  Yes, this is supported and it is documented in the Profiles specification under the Web Browser SSO Profile (see section 4.1.5 "Unsolicited Responses").
Let me know if this is not the right forum to ask these questions.
(New to this TC).
This is the right place to ask these kinds of questions.
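
The "push" versus "pull" distinction from the reply above, seen from the SP's assertion consumer: an added example, not part of the original message or of any SAML product. It assumes an unencrypted assertion and relies on the Web Browser SSO Profile rule that an unsolicited Response carries no InResponseTo; `classify_response`, the pending-ID set and the sample message are hypothetical and constructed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def classify_response(xml_text, pending_ids, allow_unsolicited):
    """Return 'solicited' or 'unsolicited', or raise ValueError.

    pending_ids: set of AuthnRequest IDs this SP issued and has not consumed.
    Signature, Destination, Audience and validity-window checks are out of
    scope here and must still be done before trusting the assertion.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    irt = root.get("InResponseTo")
    # InResponseTo values on every bearer SubjectConfirmationData (None if absent)
    bearer_irts = [
        scd.get("InResponseTo")
        for sc in root.iterfind(".//saml:SubjectConfirmation", NS)
        if sc.get("Method") == BEARER
        for scd in sc.iterfind("saml:SubjectConfirmationData", NS)
    ]
    if irt is None:  # "push": the IdP sent this without an AuthnRequest
        if not allow_unsolicited:
            raise ValueError("unsolicited responses disabled by SP policy")
        if any(v is not None for v in bearer_irts):
            raise ValueError("unsolicited response has InResponseTo in bearer data")
        return "unsolicited"
    if irt not in pending_ids:  # "pull": must answer a request we actually sent
        raise ValueError("InResponseTo does not match a pending AuthnRequest")
    if any(v != irt for v in bearer_irts):
        raise ValueError("bearer confirmation InResponseTo mismatch")
    pending_ids.discard(irt)  # one-time use, so a replayed response is rejected
    return "solicited"

def sample(irt=None, scd_irt=None):
    """Constructed sample Response; not a real IdP message."""
    a = ' InResponseTo="%s"' % irt if irt else ""
    b = ' InResponseTo="%s"' % scd_irt if scd_irt else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0"%s>'
            '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
            '<saml:SubjectConfirmation Method="%s">'
            '<saml:SubjectConfirmationData Recipient="https://sp.example/acs"%s/>'
            '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
            '</samlp:Response>') % (NS["samlp"], NS["saml"], a, BEARER, b)
```
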
