saml-dev message
Subject: RE: [saml-dev] IDP Service
- From: "Cahill, Conor P" <conor.p.cahill@intel.com>
- To: "prasanta behera" <pkb.prasanta@gmail.com>, <saml-dev@lists.oasis-open.org>
- Date: Tue, 22 Nov 2005 12:28:32 -0800
1) Has anyone had experience in building a common IDP service? What are
the issues? I think the business "agreement" of a common domain is the challenging
part.
I don't know what you mean by a "common IDP" service. If you mean an IDP
used by multiple SPs, then sure, there's a number of them out there and *yes* the
legal agreement for the various participants is typically the stickiest part of
the process.
2) Is there a profile for an IDP <--> IDP scenario? I am talking about a case where there are
more IDPs and few SPs are participating. For example, if a user is logged into
IDP1, and clicks on a URL to a SP (which also acts like IDP), you can
bypass the <AuthnRequest> i.e., generate the SAML Assertion and send
it.
This example isn't an IDP->IDP scenario, but an IDP->SP scenario and is
referred to as a "push" authentication (as opposed to the more typical "pull"
authentication via the AuthnRequest). Yes, this is supported and it is
documented in the Profiles specification under the Web Browser SSO Profile (see
section 4.1.5 "Unsolicited Responses").
Let me know if this is not the right forum to ask these questions.
(New to this TC).
This is the right place to ask these kinds of questions.
Conor
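
Added example, not part of the original message: a sketch of how a service provider can tell the "push" case from the "pull" case described above. Section 4.1.5 of the Profiles specification requires that an unsolicited <Response> carry no InResponseTo attribute. The function name, the pending-request set and the sample messages are assumptions made for illustration; signature, issuer, audience and validity checks are out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def check_correlation(response_xml, pending_ids, allow_unsolicited):
    """Hypothetical SP-side helper: classify a <Response> as push or pull
    and return (kind, errors). Signature, issuer, audience and validity
    checks are out of scope and must run before a session is created."""
    root = ET.fromstring(response_xml)
    irt = root.get("InResponseTo")
    # InResponseTo values found on bearer SubjectConfirmationData elements
    scd_irts = [scd.get("InResponseTo")
                for sc in root.iterfind(".//saml:SubjectConfirmation", NS)
                if sc.get("Method") == BEARER
                for scd in sc.iterfind("saml:SubjectConfirmationData", NS)]
    errors = []
    if irt is None:
        kind = "unsolicited"   # "push": no AuthnRequest preceded it
        if not allow_unsolicited:
            errors.append("unsolicited responses are not accepted")
        if any(v is not None for v in scd_irts):
            errors.append("bearer confirmation has InResponseTo")
    else:
        kind = "solicited"     # "pull": must answer a request this SP sent
        if irt not in pending_ids:
            errors.append("InResponseTo matches no outstanding request")
        if any(v is not None and v != irt for v in scd_irts):
            errors.append("bearer confirmation InResponseTo mismatch")
    return kind, errors

def sample(resp_irt=None, scd_irt=None):
    """Constructed, unsigned test message (not a captured response)."""
    attr = lambda v: f' InResponseTo="{v}"' if v else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0"'
            f'{attr(resp_irt)}><saml:Assertion><saml:Subject>'
            f'<saml:SubjectConfirmation Method="{BEARER}">'
            f'<saml:SubjectConfirmationData{attr(scd_irt)}/>'
            f'</saml:SubjectConfirmation></saml:Subject>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for msg in (sample(), sample(scd_irt="_req9"), sample(resp_irt="_req9")):
        print(check_correlation(msg, {"_req1"}, allow_unsolicited=True))
```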