saml-dev - RE: [saml-dev] SP --> IDP Auth
- From: "Cahill, Conor P" <conor.p.cahill@intel.com>
- To: "prasanta behera" <pkb.prasanta@gmail.com>, <saml-dev@lists.oasis-open.org>
- Date: Mon, 28 Nov 2005 11:04:04 -0800

> SP wants to know if the user is authenticated or not (status: Y or N) at
> the IDP? How can I do that?

There is *NO* way to do this in SAML (1.0 or 2.0).

The other answers I've seen all deal with answering the question "Is the IdP willing to establish and/or share an authentication session with the SP?" or, from the SP's point of view, "Please provide whatever authentication information you are allowed to provide for this user?"

If everything works and all permissions are granted, the SP finds out that the user is authenticated and that the IdP was willing to share that information with the SP.

If it doesn't work (for many different reasons) the SP gets nothing. So the SP can't tell if the user is authenticated or not at the IdP when it gets nothing.

There are many cases where the user will be authenticated at an IdP where the SP cannot figure that out.

Conor