
saml-dev message


Subject: Re: [saml-dev] AuthenticatingAuthority usage

On 7/8/15, 7:35 AM, "Peter Major" <peter.major@forgerock.com> wrote:

>2) what should happen when a proxy receives a SAML response that
>contains more than one Assertion and/or more than one AuthnStatement?

Proxies can do whatever they choose to do with the data they get. Some are transparent and some are very opaque. None of that is in scope of the standard.

>3) Is there like a special processing rule about recreating an equal number
>of assertions to what was received from the IdP, or is the proxy allowed
>to aggregate those into a single assertion?

It can do anything it wants.

>4) is the "element referencing the identity provider" actually the 
>entityID of the IdP? The rest of the spec(s) used "unique identifier of 
>the IdP" term instead.

The element it's talking about is the AuthenticatingAuthority element. The content is the entityID of the proxied IdP.

-- Scott
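
The case discussed in this message, as an added example that is not part of the original post: a relying party reading the AuthenticatingAuthority entityIDs out of a proxy-issued response that carries several assertions and AuthnStatements. The function name `authenticating_authorities`, the sample response and every entityID in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (all entityIDs hypothetical), trimmed to the relevant
# elements: a proxy-issued response with two assertions, three AuthnStatements.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://proxy.example.org/idp</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2015-07-08T11:35:00Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
        <saml:AuthenticatingAuthority>https://idp1.example.edu/idp</saml:AuthenticatingAuthority>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
  <saml:Assertion ID="_a2">
    <saml:Issuer>https://proxy.example.org/idp</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2015-07-08T11:35:02Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
        <saml:AuthenticatingAuthority>https://hub.example.net/idp</saml:AuthenticatingAuthority>
        <saml:AuthenticatingAuthority>https://idp2.example.com/idp</saml:AuthenticatingAuthority>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AuthnStatement AuthnInstant="2015-07-08T11:35:03Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
"""

def authenticating_authorities(response_xml):
    """Return one (assertion ID, issuer, [authority entityIDs]) per AuthnStatement."""
    # Assumption: the signature on response_xml was already validated elsewhere.
    rows = []
    root = ET.fromstring(response_xml)
    for assertion in root.iter("{%s}Assertion" % NS["saml"]):
        issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
        for stmt in assertion.findall("saml:AuthnStatement", NS):
            path = "saml:AuthnContext/saml:AuthenticatingAuthority"
            auths = [e.text.strip() for e in stmt.findall(path, NS) if e.text]
            rows.append((assertion.get("ID"), issuer, auths))  # [] = no proxied IdP named
    return rows
```
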
