Social2SAML gateway authentication assertion contents
Cantor, Scott
cantor.2 at osu.edu
Mon Nov 21 14:51:17 GMT 2011
On 11/21/11 9:01 AM, "Keith Hazelton" <hazelton at doit.wisc.edu> wrote:
>
>Where should the social IdP and the gateway identity be carried in the
>SAML authentication assertion? What are the alternatives and tradeoffs?
Proxied SAML authentication is covered by the core spec, and the
AuthenticatingAuthority element inside the AuthnContext is the appropriate
place to communicate proxied identity sources. The case of non-SAML IdPs
was explicitly covered.
There aren't any alternatives apart from extensions. Using attributes is
not really appropriate, because this is not information about the subject.
-- Scott
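
An added illustration, not part of the original message: a relying-party check that reads the gateway from `Issuer` and the proxied source from `AuthenticatingAuthority` inside `AuthnContext`, then applies a policy to both. The entity IDs, the sample assertion and the `accept` policy are constructed assumptions, and the code assumes the assertion's signature has already been validated.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the gateway and social IdP identifiers are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed1" Version="2.0" IssueInstant="2011-11-21T14:51:17Z">
  <saml:Issuer>https://gateway.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>opaque-subject-id</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2011-11-21T14:50:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      <saml:AuthenticatingAuthority>https://social.example.com</saml:AuthenticatingAuthority>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

def authentication_sources(assertion_xml):
    """Return (issuer, [authenticating authorities]) from one assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    path = "saml:AuthnStatement/saml:AuthnContext/saml:AuthenticatingAuthority"
    authorities = [(el.text or "").strip() for el in root.findall(path, NS)]
    return issuer, authorities

def accept(assertion_xml, trusted_gateway, allowed_upstream):
    """Hypothetical policy: known gateway, and every proxied source allowed."""
    issuer, authorities = authentication_sources(assertion_xml)
    if issuer != trusted_gateway:
        return False
    # A gateway assertion without AuthenticatingAuthority says nothing about
    # the upstream source, so this policy rejects it rather than guessing.
    if not authorities:
        return False
    return all(a in allowed_upstream for a in authorities)

if __name__ == "__main__":
    print(authentication_sources(SAMPLE_ASSERTION))
    print(accept(SAMPLE_ASSERTION, "https://gateway.example.org/idp",
                 {"https://social.example.com"}))
```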