OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


1. The Airline Pushes an Unsolicited SAML Authentication Response to the Car Rental Agency
In this approach the user makes his way to the car rental service via an indirect route.  Clicking on the link doesn't take him to the car rental service; instead, it takes him back to the airline service.  Here's the link's URL: 


Note the query parameter (the param=value pair after the question mark).  
The airline service is activated and constructs an Authentication Response XML document.  It then does an HTTP redirect (using the value of the TARGET query parameter), redirecting the user to the car rental service, and attaches the Authentication Response XML document as the payload of the HTTP redirect.
QUESTION:  When doing an HTTP redirect, can you add a payload?  I thought a redirect was just altering an HTTP GET URL to a different URL?  Is it really an HTTP redirect that occurs?  I am fuzzy on what happens between the time the user clicks on the link, to the time he arrives at the car rental agencies' service. 
what actually happens is something along the lines of:
this is but one of the many different sequences that could come into play.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]