saml-dev message

Subject: Re: [saml-dev] FW: Products and OSS that support SAML2 AssertionXML reuse

From: "Cantor, Scott E." <cantor.2@osu.edu>
To: Colin Wallis <Colin.Wallis@dia.govt.nz>, "saml-dev@lists.oasis-open.org"<saml-dev@lists.oasis-open.org>
Date: Wed, 13 Jul 2011 13:51:04 +0000

On 7/13/11 1:43 AM, "Colin Wallis" <Colin.Wallis@dia.govt.nz> wrote:

>Hi Folks
> 
>I'm wondering if you can help
>out one of our developers with this question?
> 
>We have a requirement to later
>reuse the SAML2 Assertion document
>(i.e. XML) issued by IDP.

Generally you *can't*, depending on what you intend to use it to do. That
depends on the assertion's content.

> 
>1) Do you know of any (and how
>many) SAML2 SP products do persist IDP
>issued assertion XML after parsing XML?

Define "persist". Persist where?

> 
>2) If most products
>don't persist it, then what is the rationale behind not
>doing so?

SSO assertions by design are generally single use and short lived and
certainly not forwardable.

-- Scott

Follow-Ups:
- RE: [saml-dev] FW: Products and OSS that support SAML2 AssertionXML reuse
  - From: Colin Wallis <Colin.Wallis@dia.govt.nz>

References:
- FW: Products and OSS that support SAML2 Assertion XML reuse
  - From: Colin Wallis <Colin.Wallis@dia.govt.nz>