IdP for Blackboard Connect

David Bantz dabantz at
Fri Aug 31 20:34:36 EDT 2012

On Fri, 31 Aug 2012, at 16:02 , Chad La Joie <lajoie at> wrote:

> Well, if they implemented IdP-initiated SSO then they must be the IdP.

It sounds like it from the (misleading) name, but as Scott & Chad write in the Shibb wiki <>, 

In the original SAML 1.0 and SAML 1.1 standards...SSO was described in only ... as a response from the IdP to the SP, and the "request" portion was left out.  This was carried over into SAML 2.0 as a mode called "IdP-initiated" or "unsolicited" SSO
….the basic idea behind IdP-initiated SSO is that the message is up to the IdP. Something has to initiate the process, it can't magically start for no reason. So there is a request to the IdP, but it isn't a SAML message

§5.1.4 of the SAML Technical Overview < >  is also headed "IdP-Initiated SSO" though it's clear that the service provider is not (necessarily) host the IdP
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list