OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [SAML 2.0] 2-SPs 2-IDPs communication issues

Hi all,
My question is regarding the following scenario, with two SPs and two
IdPs. Let's say that our initial point is a SP-initiated SSO with the
user already been authenticated and redirected to the requested
resource at the SP.
Now, user tries to reach some other SP. The standard says that he
clicks either in a link or a bookmark. As the user does not have a
valid logon session on this SP2 and there are two IdPs available, the
SP2 should be provided with some meanings to know the correct IdP
(with correct I mean the IdP with which the user was authenticated).
One is the Identity Provider Discovery profile, but the standard says
it is optional.
1) If there is no Identity Provider Discovery available, how can it be achieved?
2) Should the first SP send some session information to this second
SP? In case the user clicks in a link, it will not be a problem.
However, if he uses either a bookmark or he just writes the new URL
there is no way to send any information, right?

I guess this scenario has to do with the Passive SSO case and
unsolicited responses, but I can't figure out how to make it work.

Any information would be very appreciated.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]