saml-dev message


Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


> QUESTION: How does the car rental service identify to the airline the
> person for which authentication information is requested?  All that the
> car rental service knows is that an HTTP GET was issued to this URL:
> 
>      https://www.CarRentalInc.com

I might have missed it, but I never saw a direct answer to this. A technical
term for this that's sometimes used is "indexical reference". The reason it
works is that the AuthnRequest is sent back to the browser in response to
the GET and it's the browser that sends it to the IdP via GET or POST. The
reference is to "that guy wielding the browser", and the whole thing is
"secured" using bearer semantics.

The SP and IdP understand implicitly that the messages being passed refer to
the browser accessing them. They tunnel the rest of what they do (password
collection, session state, SAML messages) inside the HTTP messages
exchanged.

This is just one adaptation of SAML to do something.

-- Scott
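
The browser-relayed exchange described in the message above, as an added example that is not part of the original post: the SP answers the anonymous GET with an AuthnRequest in the SAML 2.0 HTTP-Redirect encoding, and the IdP decodes what the browser delivers and finds no user named in it. The `/acs` path, the IdP URL and both function names are assumptions made for illustration; only `https://www.CarRentalInc.com` comes from the thread.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SP_ENTITY = "https://www.CarRentalInc.com"      # from the thread
SP_ACS = "https://www.CarRentalInc.com/acs"     # assumed path
IDP_SSO = "https://idp.airline.example/sso"     # assumed IdP endpoint


def sp_redirect_for_anonymous_get(relay_state):
    """SP side: build the 302 Location returned for the unauthenticated GET."""
    req_id = "_" + uuid.uuid4().hex
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{req_id}" Version="2.0" IssueInstant="{issued}" '
        f'AssertionConsumerServiceURL="{SP_ACS}">'
        f"<saml:Issuer>{SP_ENTITY}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return req_id, f"{IDP_SSO}?{query}"


def idp_receive(url):
    """IdP side: decode what the browser delivered and report what it names."""
    params = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    root = ET.fromstring(raw)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs": root.get("AssertionConsumerServiceURL"),
        # No <saml:Subject>: the request names the SP, never the person.
        "names_a_user": root.find(f"{{{SAML}}}Subject") is not None,
        "relay_state": params["RelayState"][0],
    }


if __name__ == "__main__":
    request_id, location = sp_redirect_for_anonymous_get("/reservations")
    print(location)
    print(idp_receive(location))
```

Because the request identifies only the SP, the IdP authenticates whoever presents it. The SP should store the request ID against the browser's session and accept only a response whose `InResponseTo` matches it.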


