AW: AW: Programmatically get Assertion for 3rd party resources

Cantor, Scott cantor.2 at
Wed May 20 10:24:30 EDT 2015

On 5/20/15, 2:17 PM, "Kevin Flückiger" <kevin.flueckiger at> 

>Ok I understand. I saw that AWS doesn't support the ECP-Profile anyways, 
>so back to the start.
>Would you say that my use case (login to my application protected by my 
>own SP and then accessing resources protected by a SP out of my control, 
>but trusted by my IdP) is not possible at all?

If the SP supports a standard SSO profile, then you would use that 
profile. If not, it's not an SP in any meaningful sense of that term in 
SAML. Then it's not possible unless you write the code to support it.

It's a simple issue: We support the profiles we document that we support. 
If they don't support any of those profiles, then by definition we don't 
support whatever they do claim to support, making it an extension use case.

-- Scott


More information about the users mailing list