RE: [saml-dev] New to SAML

["Scott Cantor" <cantor.2@osu.edu>]

> 1. Once a artifact is send by the company1(Sender) to company2(Receiver), 
> how do you read/decipher it on your end.? What tools do you use or are
> there any sample codes available to download?

Most people run commercial products or use open source equivalents (e.g.
Shibboleth). A smaller number reinvent the wheel and build SSO components
all over again using toolkits, of which there are commercial and open source
versions, mostly Java as a rule.

> 2. As a receiver does the company has to use any product to be SAML 
> enabled.?

You don't have to do anything but process and produce the messages according
to the spec, how you do it is up to you. But the community using it has to
full in a lot of the blanks to meet their requirements. Even at the profile
level, SAML is very general. Implementations have lots of knobs for tuning
the rules, which is why it's not so easy to just roll it yourself.

-- Scott