[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?
Roger, Usually it's done by replacing direct link to the https://www.CarRentalInc.com (SP) with https://www.AirlineInc.com/IdP/transfer?TARGET=https://www.CarRentalInc.com It's called inter site transfer. Giedrius On 5/9/06, Costello, Roger L. <costello@mitre.org> wrote: > > > > Case 1: The user's first access is to the Airline's service: > > > > QUESTION: How does the car rental service identify to the airline the > > person for which authentication information is requested? > > There's nothing that says the SP has to initiate the browser profile. > Why not simply push an authentication assertion to the assertion > consumer service when the user clicks on the car rental link at the > IdP? > > Hi Tom, > > How would the airline service know that the user has clicked on the > link? The web page that contains the link is in the user's browser; > the airline service has no way of knowing whether or not the user will > follow the link. /Roger > > --------------------------------------------------------------------- > This publicly archived list supports open discussion on implementing the SAML OASIS Standard. To minimize spam in the > archives, you must subscribe before posting. > > [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ > Alternately, using email: list-[un]subscribe@lists.oasis-open.org > List archives: http://lists.oasis-open.org/archives/saml-dev/ > Committee homepage: http://www.oasis-open.org/committees/security/ > List Guidelines: http://www.oasis-open.org/maillists/guidelines.php > Join OASIS: http://www.oasis-open.org/join/ > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]