Vendor's SAML support interpretation
davel at uchicago.edu
Tue Feb 19 16:54:39 EST 2013
Sounds like it could be interpreted as that. However, SP lazy session initiation can be described the same way.
Identity & Access Management
The University of Chicago
On Feb 19, 2013, at 2:52 PM, David Bantz <dabantz at alaska.edu> wrote:
A potential vendor's documentation describes their support for SSO and SAML as follows:
1. User initiates the request via a link
2. Client’s server intercepts and generates SSO assertion
3. SAML assertion is posted to SSO URL by the browser
4. Signature, timestamp, and recipient are posted
5. Payload is examined for destinations
6. User looked-up, must be active
7. User logged-in and redirected to destination (login page or deep link)
Do I correctly infer they are supporting only unsolicited or "idp initiated" SSO?
What caveats (if any) should I relay to the prospective service owner(s)?
I've read https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
Thanks for any pointers,