Subject: Re: [saml-dev] SSO Integration between desk top and web apps

On 12/10/12 8:07 PM, "Will Hartung" <willh@mirthcorp.com> wrote:

>Is the Enhanced Client or Proxy (ECP) Profile best used for this? Is
>there something else?

Yeah, I would say Kerberos and SPNEGO are an obvious candidate.

>Looking at the ECP I can see this scenario.
>5. Finally, the client extracts from the SOAP envelope and packages
>the AuthResponse into an HTML Redirect Binding auto-submit form,

That's not ECP, that's something you just made up. ECP is a SOAP request back to the SP, not an HTML form.

>Is this a valid use case of ECP? Or simply an abuse of it?

Neither, it's invented by you on the spot. It's 3/4 ECP, 1/4 Browser SSO, I guess. Some SPs wouldn't know the difference, it would depend on the implementation.

>To complicate this use case, the client is part of a 3rd party, so
>there's a federation issue. We were going to either trust the payloads
>from the client, or have the 3rd party authorize the request through a
>back channel request during authentication.

I don't know what that means.

>Or should we consider OAuth?

I have no doubt you can manufacture something with OAuth. I think it will be as standard a flow as anything in SAML, which is to say, not.

>But just curious what other folks are doing to try and enable this
>kind of hand off.

I definitely know of sites that use Kerberos.

-- 
Scott