OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] SSO Browser profile question


 
a) SAML provides for relay state information to be passed in the authnrequest and returned in the Response.
 
b) The SP can store it's own information in the browser (via cookie) prior to sending the user to the IdP and use this information when the IdP sends the browser back.
 
Conor


From: Goelen, Jurgen [mailto:jurgen.goelen@siemens.com]
Sent: Tuesday, June 13, 2006 10:24 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] SSO Browser profile question

Hello *,

 

Which mechanisms does SAML provide for maintaining the state between the initial resource request of the User Agent and the actual response of the SP? (SSO Browser profile). I will clarify my question with a small example:

 

A User Agent accesses a resource on an SP for which it has no security context:

 

  1. UA requests a resource on the SP.
  2. SP responds with an <AuthnRequest>. (-> no security context)
  3. <AuthnRequest>gets redirected to the IdP.
  4. IdP redirects an assertion about the Principal to the SP.
  5. SP responds to UA. (-> requested resource)

 

Which SAML mechanisms can be used by an SP to correlate the initial resource request (step 1) with the redirected assertion (step 4)? In other words, how does the SP know which resource it has to provide based on the response of the IdP?

 

Best regards,

 

Jurgen Goelen

 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]