AW: AW: Programmatically get Assertion for 3rd party resources

Kevin Flückiger kevin.flueckiger at inovitas.ch
Wed May 20 04:55:10 EDT 2015 

>Well, an unsolicited login is a process of obtaining a response for the Browser SSO profile, and it follows the proprietary rules we >created for doing that by sending the parameters required in the query string. It's meant to produce a POST binding response to a >browser for use with that type of SP and it has no applicability to any other use case (and there is no other "trick" to getting the >same result, that's it).

I already assumed that I cannot use the unsolicited login, thanks for the confirmation. 

>We do not provide any facility for stand-alone assertion requests, as those would depend on profiles that don't really exist or at >least haven't been adopted to any significant degree.

So what about the ECP Profile? This is meant for applications other than browsers to get assertions, or did I get this wrong? My problem with this approach is that when I login to my application via the Browser SSO profile and then issue a SOAP call from within my application I would lose the SSO behavior and would need to pass User and Password again with the SOAP call, correct?

-----Ursprüngliche Nachricht-----
Von: users [mailto:users-bounces at shibboleth.net] Im Auftrag von Cantor, Scott
Gesendet: Dienstag, 19. Mai 2015 18:39
An: Shib Users
Betreff: Re: AW: Programmatically get Assertion for 3rd party resources

On 5/19/15, 12:29 PM, "Kevin Flückiger" <kevin.flueckiger at inovitas.ch> wrote:

>Yes, I know. Therefore I want my application to programmatically get the correct assertion (the assertion I see when I do the IdP initiated unsolicited login, which has nothing to do with my SP) for AWS. Sorry if I caused confusion about this.

Well, an unsolicited login is a process of obtaining a response for the Browser SSO profile, and it follows the proprietary rules we created for doing that by sending the parameters required in the query string. It's meant to produce a POST binding response to a browser for use with that type of SP and it has no applicability to any other use case (and there is no other "trick" to getting the same result, that's it).

We do not provide any facility for stand-alone assertion requests, as those would depend on profiles that don't really exist or at least haven't been adopted to any significant degree.

I know nothing about AWS, so I'm answering your questions in the dark here, but the profiles we support are quite specific and documented.

-- Scott

-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list