AW: AW: AW: Programmatically get Assertion for 3rd party resources
kevin.flueckiger at inovitas.ch
Thu May 21 05:33:11 EDT 2015
>When you describe it that way, that sounds like the canonical use case for SAML delegation, described here:
Thanks for your input Bret. I agree with you, the way I understand my problem really sounds like the SAML delegation use case. If I was under control of the AWS SP I would take this route.
>However, in your initial description it sounded like the AWS consumer wasn't exactly an SP implementing the Web >Browser SSO Profile. If it wants you to obtain (somehow, in an unspecified way) an Assertion targeted to it and then >pass it in a proprietary API call, etc, to establish a session or security context, then that's not really something defined by >an existing common SAML profile, as far as I know.
I believe AWS in fact wants me to go the unsupported way since it is exactly documented like the unsupported way you describe. See: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users