proxy-authentication to SP
Ulf Seltmann
seltmann at ub.uni-leipzig.de
Thu May 7 06:35:14 EDT 2015
Hello Perry,
i trust the IdP, but i do not trust the SP. For that i wanted the "bar
SP" to talk to the IdP as well to verify that the asking user is
authenticated.
Giving "foo SP" a definite access to "bar SP" is defective by design. if
it becomes compromised one only need a user's id to access the user's
data on "bar SP".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://shibboleth.net/pipermail/users/attachments/20150507/c7f4f3e0/attachment.sig>
More information about the users
mailing list