IdP for Blackboard Connect
David Bantz
dabantz at alaska.edu
Fri Aug 31 20:34:36 EDT 2012
On Fri, 31 Aug 2012, at 16:02 , Chad La Joie <lajoie at itumi.biz> wrote:
> Well, if they implemented IdP-initiated SSO then they must be the IdP.
It sounds like it from the (misleading) name, but as Scott & Chad write in the Shibb wiki <https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO>,
    In the original SAML 1.0 and SAML 1.1 standards...SSO was described in only ... as a response from the IdP to the SP, and the "request" portion was left out. This was carried over into SAML 2.0 as a mode called "IdP-initiated" or "unsolicited" SSO

    ... the basic idea behind IdP-initiated SSO is that the message is up to the IdP. Something has to initiate the process, it can't magically start for no reason. So there is a request to the IdP, but it isn't a SAML message
§5.1.4 of the SAML Technical Overview <http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html> is also headed "IdP-Initiated SSO", though it's clear that the service provider does not (necessarily) host the IdP.
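The distinction discussed in this thread, seen from the SP side, as an added example that is not part of the original post or of Shibboleth's code: an unsolicited (IdP-initiated) SAML 2.0 response carries no `InResponseTo` attribute, so the SP cannot correlate it with a request it issued. The function name, the policy flag and the sample messages are constructed for illustration; signature, audience and validity-window checks are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample messages (assertions omitted for brevity).
SOLICITED = (
    '<samlp:Response xmlns:samlp="%s" ID="_r1" Version="2.0" '
    'IssueInstant="2012-08-31T20:00:00Z" InResponseTo="_req123"/>' % SAMLP
)
UNSOLICITED = (
    '<samlp:Response xmlns:samlp="%s" ID="_r2" Version="2.0" '
    'IssueInstant="2012-08-31T20:00:00Z"/>' % SAMLP
)


def classify_response(xml_text, pending_request_ids, allow_unsolicited):
    """Return 'solicited' or 'unsolicited'; raise ValueError if rejected.

    pending_request_ids: set of AuthnRequest IDs this SP has issued and
    not yet seen answered (hypothetical session store).
    allow_unsolicited: per-IdP policy flag (hypothetical).
    """
    # Refuse DTDs outright; a production SP should use a hardened parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % SAMLP:
        raise ValueError("not a samlp:Response")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # IdP-initiated: no SAML request existed, so nothing to correlate.
        # Replay protection must come from assertion ID caching and the
        # assertion's validity window instead.
        if not allow_unsolicited:
            raise ValueError("unsolicited response not permitted")
        return "unsolicited"

    # SP-initiated: the response must answer a request we actually sent.
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo matches no outstanding request")
    pending_request_ids.discard(in_response_to)  # each request answered once
    return "solicited"


if __name__ == "__main__":
    print(classify_response(SOLICITED, {"_req123"}, False))
    print(classify_response(UNSOLICITED, set(), True))
```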