Subject: Re: [saml-dev] Assertion consumption at SP
>When Idp issues a SAML assertion and it is received by SP. When validates
>the assertion at SP before granting access. Does SP validate the
>assertion in its own application or it makes a call to Idp for assertion
>validation?

The SP validates the assertion using the public key it is configured with for that IdP. The expectation is that key has been vetted by the administrator of the SP so that it can be trusted. That lets the SP validate the assertion and trust it.

>If SP validates assertion locally then how does logout work i.e. logging
>out the session in all the SPs from Idp (Logout Request)?

Poorly, if at all. Not all SPs implement SLO. Even if they do, the protocol cannot guarantee that all SPs are contacted and do a full logout. It's a best effort.

Paul
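
The local validation described in the reply above, as an added example that is not part of the original post: a simplified Node.js model in which the SP checks a signed assertion against the public key it was configured with for the IdP, without calling the IdP. The entityID, the key pairs and the JSON assertion format are constructed assumptions; real SAML signs canonicalized XML (XML-DSig), which this sketch does not implement.

```javascript
const crypto = require('crypto');

// Constructed key pairs for the demo. A real SP holds only the IdP's public key.
const idpKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const otherKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical entityID; the map stands for the SP's administrator-vetted config.
const IDP_ENTITY_ID = 'https://idp.example.org/metadata';
const trustedIdps = new Map([[IDP_ENTITY_ID, idpKeys.publicKey]]);

// Stand-in for assertion issuance. The signature covers the JSON bytes;
// real SAML signs canonicalized XML instead.
function issueAssertion(issuer, subject, privateKey) {
  const body = JSON.stringify({ issuer, subject });
  const signature = crypto.sign('sha256', Buffer.from(body), privateKey);
  return { body, signature };
}

// SP-side validation: entirely local, using only the configured key.
function validateAtSp(msg) {
  let claims;
  try {
    claims = JSON.parse(msg.body);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  const key = trustedIdps.get(claims.issuer);
  if (!key) return { ok: false, reason: 'unknown issuer' };
  const valid = crypto.verify('sha256', Buffer.from(msg.body), key, msg.signature);
  return valid
    ? { ok: true, subject: claims.subject }
    : { ok: false, reason: 'bad signature' };
}

// Constructed sample messages: one genuine, one signed with a key the SP
// was never configured with, one whose body changed after signing.
const genuine = issueAssertion(IDP_ENTITY_ID, 'alice', idpKeys.privateKey);
const wrongKey = issueAssertion(IDP_ENTITY_ID, 'alice', otherKeys.privateKey);
const altered = { ...genuine, body: genuine.body.replace('alice', 'bob') };
console.log(validateAtSp(genuine), validateAtSp(wrongKey), validateAtSp(altered));
```

Only the first message is accepted; the trust decision depends solely on the key stored in the SP's configuration.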