Vendor's SAML support interpretation
David Bantz
dabantz at alaska.edu
Tue Feb 19 16:52:27 EST 2013
A potential vendor's documentation describes their support for SSO and SAML as follows:
> SAML Authentication:
>
> User initiates the request via a link
>
> Client’s server intercepts and generates SSO assertion
>
> SAML assertion is posted to SSO URL by the browser
>
> Signature, timestamp, and recipient are posted
>
> Payload is examined for destinations
>
> User looked-up, must be active
>
> User logged-in and redirected to destination (login page or deep link)
>
Do I correctly infer they are supporting only unsolicited or "idp initiated" SSO?
What caveats (if any) should I relay to the prospective service owner(s)?
I've read https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
Thanks for any pointers,
David Bantz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130219/a165138e/attachment-0001.html
More information about the users
mailing list