OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] SSO multiple SPs


On Mar 13, 2014, at 11:51 AM, Security Developer <security.developer22@gmail.com> wrote:

> Dear All,
> 
> I am new to SAML and I have a confusion which I would like to clear with your help.
> 
> I would like to know how webSSO works with two SPs?
> 
> 1- User accesses a resource at the first SP
> 2- First SP creates a SAML Authentication request and redirects to the IdP.
> 3- IdP authenticates the user, creates a session and sends the SAML response containing the SAML assertion to the first SP
> 4- First SP validates the SAML assertion, creates a local session and grants the user access
> 
> The above steps are clear to me, but what is the flow of passing this SAML assertion to the second SP so that SSO can be achieved?

Exactly the same. Second SP generates an AuthnRequest, IdP responds with the SAML Response. The IdP decides whether that is done silently (without user interaction) or whether it requires validation of the user identity. Note that the second (or an SP) can request forced authentication from the IdP.

Paul Hethmon
Chief Software Architect
paul.hethmon@clareitysecurity.com
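
The flow described in the reply above, sketched as an added example that is not part of the original message or of any SAML product: each SP builds its own AuthnRequest and sends it over the HTTP-Redirect binding, and the second SP sets `ForceAuthn`. The function names, entity IDs and `example.test` URLs are constructed for illustration, and the request is left unsigned.

```python
import base64, datetime, uuid, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, force_authn=False):
    """Return (request_id, xml). The SP keeps request_id to match InResponseTo later."""
    request_id = "_" + uuid.uuid4().hex  # xs:ID must not start with a digit
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": now,
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    if force_authn:
        # Asks the IdP to re-authenticate the user instead of reusing its session.
        req.set("ForceAuthn", "true")
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return request_id, ET.tostring(req, encoding="unicode")

def redirect_url(idp_sso_url, xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}"

def decode_redirect(url):
    """What the IdP recovers from the redirect: the AuthnRequest element."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(raw, -15))

if __name__ == "__main__":
    IDP = "https://idp.example.test/sso"  # constructed endpoint
    # Constructed SPs: the first accepts a silent response, the second forces login.
    for sp, force in (("https://sp1.example.test", False), ("https://sp2.example.test", True)):
        rid, xml = build_authn_request(sp + "/metadata", sp + "/acs", IDP, force)
        seen = decode_redirect(redirect_url(IDP, xml, "/start"))
        print(seen.find(f"{{{SAML}}}Issuer").text, rid, seen.get("ForceAuthn"))
```

Each SP receives its own Response, which it should accept only if `InResponseTo` matches the request ID it stored.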



