Is it possible to hit the IdP login form directly from a browser?
Nate Klingenstein
ndk at internet2.edu
Fri Aug 31 23:26:06 EDT 2012
I should add, one of the nice things about federated identity as
compared to other forms of interrealm identity is that it does
introduce some important degrees of freedom. Allowing the IdP to
authenticate its users however it needs to get that done makes interop
easier, not harder. The SP can always place restrictions on the form
of authentication that it will accept, and in most flows, no entity
directly authenticates the user except the IdP.
On Sep 1, 2012, at 2:36 , Yaowen Tu wrote:
> I have been thinking about the reason of it. Is it because that SAML
> doesn't actually define how IdP authenticate a user? So it is every
> IdP's responsibility and interoperability is an issue? What else?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120901/674ea5cf/attachment.html
More information about the users
mailing list