saml-dev - RE: [saml-dev] SP --> IDP Auth Message
  • From: "Cahill, Conor P" <conor.p.cahill@intel.com>
  • To: "prasanta behera" <pkb.prasanta@gmail.com>, <saml-dev@lists.oasis-open.org>
  • Date: Mon, 28 Nov 2005 11:04:04 -0800
 
> SP wants to know if the user is authenticated or not (status: Y or N) at the IDP?
> How can I do that?

There is *NO* way to do this in SAML (1.0 or 2.0).
 
The other answers I've seen all deal with answering the question "Is the IdP willing to establish and/or share an authentication session with the SP?" or from the SP's point of view "Please provide whatever authentication information you are allowed to provide for this user?"
 
If everything works and all permissions are granted, the SP finds out that the user is authenticated and that the IdP was willing to share that information with the SP. 
 
If it doesn't work (for many different reasons) the SP gets nothing.  So the SP can't tell if the user is authenticated or not at the IdP when it gets nothing.
 
There are many cases where the user will be authenticated at an IdP where the SP cannot figure that out.
 
 
Conor 
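
The point made in the message above, as an added example that is not part of the original post or of any SAML implementation: an SP-side routine that maps a SAML 2.0 response to what the SP may conclude, with "authenticated" and "unknown" as the only outcomes. The sample responses are constructed and trimmed, the function and variable names are hypothetical, and signature, issuer, audience and time validation is omitted.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def sp_conclusion(response_xml):
    """Return (conclusion, detail) for the user's session at the IdP.

    There is deliberately no 'not authenticated' outcome: an error status or
    a missing response also covers an IdP that holds a session for the user
    but is unwilling or unable to share it with this SP.
    Assumption: the response has already passed signature and condition
    checks, which a real SP must do before trusting any assertion.
    """
    if response_xml is None:  # user never returned, timeout, blocked redirect
        return ("unknown", "no response")
    root = ET.fromstring(response_xml)
    # Document order: the top-level status code first, then nested ones.
    codes = [c.get("Value", "") for c in
             root.iterfind("samlp:Status//samlp:StatusCode", NS)]
    stmt = root.find("saml:Assertion/saml:AuthnStatement", NS)
    if codes[:1] == [STATUS + "Success"] and stmt is not None:
        return ("authenticated", stmt.get("AuthnInstant"))
    detail = " / ".join(c.rsplit(":", 1)[-1] for c in codes if c)
    return ("unknown", detail or "no status")

def _code(name, inner=""):
    return '<samlp:StatusCode Value="%s%s">%s</samlp:StatusCode>' % (
        STATUS, name, inner)

def _resp(status, body=""):
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
            '<samlp:Status>%s</samlp:Status>%s</samlp:Response>'
            % (NS["samlp"], NS["saml"], status, body))

# Constructed sample responses (trimmed; not captured from a real IdP).
SAMPLES = {
    "shared": _resp(_code("Success"),
                    '<saml:Assertion><saml:AuthnStatement '
                    'AuthnInstant="2005-11-28T19:00:00Z"/></saml:Assertion>'),
    "no_passive": _resp(_code("Responder", _code("NoPassive"))),
    "denied": _resp(_code("Responder", _code("RequestDenied"))),
    "nothing": None,
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, "->", sp_conclusion(xml))
```
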
