SOA Security
Cantor, Scott
cantor.2 at osu.edu
Tue Feb 24 14:47:37 EST 2015
On 2/24/15, 2:44 PM, "Arnal, Pascal" <Pascal.Arnal at lacapitale.com> wrote:
>I don't understand, how the second SP (service SP) know the user behind
>the first SP (application SP) ?
There are detailed examples in that wiki where the extension is
documented. A delegated assertion is issued with the user as the subject.
The intermediary SP is named in the Delegate element in the condition
included in the assertion for policy purposes.
From the SP point of view, it's all trivial and identical to running any
other application behind the SP. That's the end that is very clean and
easy. The complexity, relatively speaking, is with the need for an
ECP-aware client for service calls.
-- Scott
More information about the users
mailing list