saml-dev message

Subject: Re: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?

From: "Tom Scavo" <trscavo@gmail.com>
To: "Cahill, Conor P" <conor.p.cahill@intel.com>
Date: Tue, 9 May 2006 15:50:10 -0400

On 5/9/06, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
>
> > Is there something I'm missing here?  Is there some reason
> > why the SP must initiate the request?  If not, this is a
> > piece of cake. :-)
>
> The main reason why people generally don't like the IdP-first
> model (which, as you said does work) is that it means that
> bookmarks or any form of direct access to the SP won't work.

An SP can support both profiles (SP-first and IdP-first)
simultaneously.  An IdP-first flow doesn't require IdP discovery, so
use it whenever possible.  If a user requests a resource at the SP, on
the other hand, additional steps are required, including possible
interactions with the user.  All I'm saying is, if this can be
avoided, why not do so?

Tom

References:
- RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?
  - From: "Cahill, Conor P" <conor.p.cahill@intel.com>