OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Assertion consumption at SP

>When Idp issues a SAML assertion and it is received by SP. When validates
>the assertion st SP before granting access. Does SP validates the
>assertion in its own application or it >makes a call to Idp for assertion

The SP validates the assertion using the public key it is configured with
for that IdP. The expectation is that key has been vetted by the
administrator of the SP so that it can be trusted. That lets the SP
validate the assertion and trust it.

>If SP validates assertion locally then how does logout works i.e. logging
>out the session in all the SPs from Idp (Logout Request)?

Poorly, if at all. Not all SPs implement SLO. Even if they do, the
protocol cannot guarantee that all SPs are contacted and do a full logout.
It's a best effort.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]