Vendor's SAML support interpretation

David Langenberg davel at
Tue Feb 19 16:54:39 EST 2013

Sounds like it could be interpreted as that.  However, SP lazy session initiation can be described the same way.


David Langenberg
Identity & Access Management
The University of Chicago

On Feb 19, 2013, at 2:52 PM, David Bantz <dabantz at>

A potential vendor's documentation describes their support for SSO and SAML as follows:

SAML Authentication:

  1.  User initiates the request via a link

  2.  Client’s server intercepts and generates SSO assertion

  3.  SAML assertion is posted to SSO URL by the browser

  4.  Signature, timestamp, and recipient are posted

  5.  Payload is examined for destinations

  6.  User looked-up, must be active

  7.  User logged-in and redirected to destination (login page or deep link)

Do I correctly infer they are supporting only unsolicited or "idp initiated" SSO?

What caveats (if any) should I relay to the prospective service owner(s)?

I've read

Thanks for any pointers,

David Bantz
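
The two readings discussed in this thread (unsolicited "IdP-initiated" SSO versus SP lazy session initiation) can be told apart on the wire by the `InResponseTo` attribute of the SAML response, and step 4 of the vendor's list names the recipient and timestamp checks a receiving service would make. The sketch below is an added example, not part of the original messages and not the vendor's code; the function `check_response`, its parameters, and the `sp.example.org` URL are hypothetical, the sample response is constructed, and signature verification is deliberately left out (it needs an XML-DSig library).

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned, unsolicited Response (no InResponseTo).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2013-02-19T20:52:00Z" Destination="https://sp.example.org/sso">
  <a:Assertion ID="_a1" Version="2.0" IssueInstant="2013-02-19T20:52:00Z">
    <a:Subject><a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <a:SubjectConfirmationData Recipient="https://sp.example.org/sso"
          NotOnOrAfter="2013-02-19T20:57:00Z"/>
    </a:SubjectConfirmation></a:Subject>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, acs_url, now, pending_requests, seen_ids):
    """Return (flow, problems). Signature verification is NOT done here."""
    root = ET.fromstring(xml_text)
    problems = []
    irt = root.get("InResponseTo")
    if irt is None:
        flow = "unsolicited"            # IdP-initiated: no request to answer
    elif irt in pending_requests:
        flow = "sp-initiated"           # answers an AuthnRequest we sent
    else:
        flow = "unknown"
        problems.append("InResponseTo does not match a request we sent")
    assertion = root.find("a:Assertion", NS)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if assertion is None or scd is None:
        return flow, problems + ["no bearer assertion found"]
    if scd.get("Recipient") != acs_url:
        problems.append("Recipient is not this SP's SSO URL")
    expiry = scd.get("NotOnOrAfter")
    if expiry is None:
        problems.append("no NotOnOrAfter on the assertion")
    else:
        limit = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ")
        if now >= limit.replace(tzinfo=timezone.utc):
            problems.append("assertion expired")
    # With no request to correlate against, a replay cache is the only
    # protection against a captured unsolicited response being re-posted.
    if assertion.get("ID") in seen_ids:
        problems.append("assertion ID already used (replay)")
    seen_ids.add(assertion.get("ID"))
    return flow, problems
```

A response that carries `InResponseTo` matching an outstanding request indicates the SP started the flow; one without it was unsolicited, and replay protection then rests entirely on the expiry window and the cache of seen assertion IDs.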