Is it possible to hit the IdP login form directly from a browser?

Nate Klingenstein ndk at
Fri Aug 31 23:26:06 EDT 2012

I should add, one of the nice things about federated identity as  
compared to other forms of interrealm identity is that it does  
introduce some important degrees of freedom.  Allowing the IdP to  
authenticate its users however it needs to get that done makes interop  
easier, not harder.  The SP can always place restrictions on the form  
of authentication that it will accept, and in most flows, no entity  
directly authenticates the user except the IdP.

On Sep 1, 2012, at 2:36 , Yaowen Tu wrote:

> I have been thinking about the reason of it. Is it because that SAML  
> doesn't actually define how IdP authenticate a user? So it is every  
> IdP's responsibility and interoperability is an issue? What else?

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list