[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML 2.0 IsPassive option
> theoretically such seemless authentication is still within the bounds of > the isPassive definition. Such authentication methods could probably > involve: > * kerberos (as long as the 401 page is not being displayed to the > end-user after failed login) Which you can't generally guarantee. > Cert based authn is also similar, but with that the browser will ask for > the password of the private key, not sure if that qualifies as passive > authn. If the user sees anything (other than temporary transiting pages or redirects) but the site they started at, the IdP has violated the standard. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]