saml-dev message

Subject: Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Will Hartung <willh@mirthcorp.com>, Tom Scavo <trscavo@gmail.com>
Date: Tue, 10 Jun 2014 18:39:56 +0000

On 6/10/14, 2:36 PM, "Will Hartung" <willh@mirthcorp.com> wrote:
>
>I like the discovery profile. It handwaves the actual IdP
>identification process, but it at least abstracts the problem. I think
>we can leverage that using something as simple as an IP range to help
>distinguish the client for our case.

That's usually pretty risky in today's environment but you know your use
case.

> But, most important, it defers
>the decsion outside of the applications, which is important and what I
>was really looking for.

That is the basic intent (also to abstract it from the SAML
implementation).

There are also implementations of that profile from Shibboleth and one
called DiscoJuice in PHP, and the latter supports IP-based geohinting.

Good luck,
-- Scott

Follow-Ups:
- Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?
  - From: Peter Schober <peter.schober@univie.ac.at>
- Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?
  - From: Will Hartung <willh@mirthcorp.com>

References:
- Profiles for configuring a web profile SP with multiple IdPs?
  - From: Will Hartung <willh@mirthcorp.com>
- Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?
  - From: Tom Scavo <trscavo@gmail.com>
- Re: [saml-dev] Profiles for configuring a web profile SP with multiple IdPs?
  - From: Will Hartung <willh@mirthcorp.com>