OASIS Mailing List Archives

saml-dev message


Subject: SSO Browser profile question

Hello *,


Which mechanisms does SAML provide for maintaining the state between the initial resource request of the User Agent and the actual response of the SP? (SSO Browser profile). I will clarify my question with a small example:


A User Agent accesses a resource on an SP for which it has no security context:


  1. UA requests a resource on the SP.
  2. SP responds with an <AuthnRequest>. (-> no security context)
  3. <AuthnRequest> gets redirected to the IdP.
  4. IdP redirects an assertion about the Principal to the SP.
  5. SP responds to UA. (-> requested resource)


Which SAML mechanisms can be used by an SP to correlate the initial resource request (step 1) with the redirected assertion (step 4)? In other words, how does the SP know which resource it has to provide based on the response of the IdP?


Best regards,


Jurgen Goelen
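
The correlation asked about above, as an added example that is not part of the original message or of any SAML toolkit: SAML 2.0 gives an SP two carriers for this state, the `<AuthnRequest>` ID that the IdP echoes in the Response's `InResponseTo` attribute, and the opaque `RelayState` parameter of the browser bindings. The `PendingRequests` class, its method names and the sample Response are assumptions made for illustration.

```python
import secrets
import time
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class PendingRequests:
    """Hypothetical SP-side store linking step 1 (resource) to step 4 (Response)."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self._by_id = {}  # AuthnRequest ID -> (relay_state, resource, expiry)

    def start(self, resource, now=None):
        """Step 2: mint the AuthnRequest ID and an opaque RelayState token."""
        now = time.time() if now is None else now
        request_id = "_" + secrets.token_hex(16)  # xs:ID cannot start with a digit
        relay_state = secrets.token_urlsafe(24)   # opaque token, never the raw URL
        self._by_id[request_id] = (relay_state, resource, now + self.ttl)
        return request_id, relay_state

    def finish(self, response_xml, relay_state, now=None):
        """Step 4: return the originally requested resource, or None to reject."""
        now = time.time() if now is None else now
        try:
            # Assumption: production code uses a hardened XML parser and
            # verifies the signature before trusting any attribute.
            root = ET.fromstring(response_xml)
        except ET.ParseError:
            return None
        if root.tag != f"{{{SAMLP}}}Response":
            return None
        # pop() makes each pending request single use, which blocks replays.
        entry = self._by_id.pop(root.get("InResponseTo"), None)
        if entry is None:
            return None  # unsolicited, replayed, or unknown request
        expected, resource, expiry = entry
        supplied = (relay_state or "").encode()
        if now > expiry or not secrets.compare_digest(expected.encode(), supplied):
            return None
        return resource

def constructed_response(in_response_to):
    # Constructed sample; a real Response also carries a signed Assertion.
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
            f'InResponseTo="{in_response_to}"/>')
```

Keeping the resource in a server-side table keyed by the request ID, rather than placing the URL itself in `RelayState`, also prevents the parameter from being used as an open redirect.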

