[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] [SAML2] system in authentication statement
> is there any possibility to write in an authentication > statement for which system a subject has initially been authenticated? If you're asking which party authenticated the user, that would be the Issuer of the assertion as the authentication statement is specifying how the user was authenticted by the issuer. If you're asking which relying party initiated the process for the first authentication in the SSO session, this would probably be considered a privacy leak in most situations, but it would be possible for you to create an AttributeStatement that had such data in it. If your asking which system the user should be granted access to, that probably should be an AuthorizationDecision Statement. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]