Subject: [SAML 2.0] 2-SPs 2-IDPs communication issues
Hi all,

My question is regarding the following scenario, with two SPs and two IdPs. Let's say that our initial point is an SP-initiated SSO with the user having already been authenticated and redirected to the requested resource at the SP. Now, the user tries to reach some other SP. The standard says that he clicks either on a link or a bookmark. As the user does not have a valid logon session on this SP2 and there are two IdPs available, the SP2 should be provided with some means to know the correct IdP (by correct I mean the IdP with which the user was authenticated). One is the Identity Provider Discovery profile, but the standard says it is optional.

1) If there is no Identity Provider Discovery available, how can it be achieved?

2) Should the first SP send some session information to this second SP? In case the user clicks on a link, it will not be a problem. However, if he either uses a bookmark or just writes the new URL, there is no way to send any information, right?

I guess this scenario has to do with the Passive SSO case and unsolicited responses, but I can't figure out how to make it work. Any information would be much appreciated.

Regards,
Enrique