[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Subject in the AuthRequest.
In the AuthRequest there is a <saml:Subject> tag where the requestor can specify the subject of the resulting assertion.
Can anyone please give an example/use case ? I thought it was the IDP during AuthReq to determine the Subject.
If the SP knows the subject (I'm assuming that somehow the subject had to be previously authenticated and an assertion generated) wouldn't it perform an AssertionQuery kind of request instead ?
Subject can contain subject confirmation data to indicate how and by whom the resulting assertions can be confirmed.
In the case of holder of key for example the SP would include the Key the SP owns to confirm the subject.
Shouldn't the IDP verify this key?