OASIS Mailing List Archives

saml-dev message



Subject: Non-web client authentication


I need an authentication profile for clients that are not web-based.
In our architecture we cannot trust applications to handle the
principal's credentials.

We are planning to implement some compromise between user comfort and
user credential privacy. Here is an outline of what we will do:

1. The application must initiate an authentication session with the
   identity provider. It gets a session key back (and a URL to open
   for the user).
2. The application launches a browser with the given URL including the
   session key.
3. The user must present his credentials at the web page.
4. The identity provider login portal tells the user that he is
   successfully authenticated and should return to the application X.
5. The user clicks OK in the application, signalling that authentication
   is performed.
6. The application sends a request to the identity provider with the
   session key asking if the user is successfully authenticated.
7. The application gets back a response that the user is successfully
   authenticated, and maybe some user attributes.

The protocol between the application and the IdP is SAML.

Here is an old draft with more details, but somewhat outdated:
http://domen.uninett.no/~andreas/FEIDE/nonweb-profile.html

Is there anyone who has standardised something like this? And if
not, is there any interest in doing so within OASIS? If not, is there
any other forum that could be interested - Liberty?

I would think that there should be several others that have the same
problems that we have, and have implemented it somehow. Please point
us in the direction of other similar approaches.

Kind regards
Andreas.

-- 
Andreas Åkre Solberg
Andreas.Solberg@uninett.no
UNINETT - http://uninett.no

Contact Info and PGP Public Key:
http://andreas.solweb.no/?Account=Work
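
The flow outlined in the message above, modelled as a small in-memory identity provider. This is an added example, not part of the original post or of any UNINETT code; it uses plain Python calls in place of SAML messages, and the login URL, the `check_password` callback, the 300-second expiry and the single-use session key are assumptions the post does not specify.

```python
import secrets
import time

SESSION_TTL = 300  # seconds; assumed lifetime, the post does not give one


class IdentityProvider:
    """Toy IdP for the non-web flow (the real app<->IdP protocol would be SAML)."""

    def __init__(self, login_base="https://idp.example.org/login"):  # hypothetical URL
        self.login_base = login_base
        self.sessions = {}  # session key -> state

    def initiate(self, app_name, now=None):
        """Application opens a session; gets back the session key and browser URL."""
        now = time.time() if now is None else now
        # The key ends up in a browser URL, so it must be unguessable.
        key = secrets.token_urlsafe(32)
        self.sessions[key] = {"app": app_name, "expires": now + SESSION_TTL, "user": None}
        return key, f"{self.login_base}?session={key}"

    def browser_login(self, key, username, password, check_password, now=None):
        """User presents credentials to the IdP web page; the application never sees them."""
        now = time.time() if now is None else now
        s = self.sessions.get(key)
        if s is None or now > s["expires"] or not check_password(username, password):
            return None  # unknown or expired session, or bad credentials
        s["user"] = username
        return f"Authenticated. Return to {s['app']}."

    def query(self, key, now=None):
        """Application asks, with its session key, whether the user is authenticated."""
        now = time.time() if now is None else now
        s = self.sessions.get(key)
        if s is None or now > s["expires"]:
            self.sessions.pop(key, None)  # drop expired state
            return {"status": "unknown"}
        if s["user"] is None:
            return {"status": "pending"}  # user has not finished at the login page
        del self.sessions[key]  # single use: a leaked key cannot be replayed later
        return {"status": "authenticated", "attributes": {"uid": s["user"]}}
```

Because the session key is the only thing linking the browser login to the application's later query, the model treats it as a bearer secret: random, short-lived and consumed on the first successful answer.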

