OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] SAML & establishing an SSO connection

Lucas, Mike wrote at 2014-12-9 18:05 +0000:
>Imagine we want to have SSO between Site A and Site B, and the normal usage is for Site A to be the IdP, and Site B to be the SP.
>However, before the "connection" is established between these sites for a particular principal, Site A and B don't have any common information about the principal to agree upon. They don't want to use a back-channel, so they need a use case to establish a common identifier.

The typical case is that the IdP assigns an identifier "i" and passes it
to the SP and the SP uses the identifier "IdP:i" (i.e., "i" qualified
by the IdP; the qualification may be required when SP interacts
with other IdPs which might assign the same "i" to one of their users).
If the IdP,too, internally uses "IdP:i", you get a common identifier
used universally -- without any back-channel.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]