AW: AW: AW: Programmatically get Assertion for 3rd party resources

Kevin Flückiger kevin.flueckiger at inovitas.ch
Thu May 21 05:33:11 EDT 2015


>When you describe it that way, that sounds like the canonical use case for SAML delegation, described here:

Thanks for your input Bret. I agree with you, the way I understand my problem really sounds like the SAML delegation use case. If I was under control of the AWS SP I would take this route.

>However, in your initial description it  sounded like the AWS consumer wasn't exactly an SP implementing the Web >Browser SSO Profile.  If it wants you to obtain (somehow, in an unspecified way) an Assertion targeted to it and then >pass it in a proprietary API call, etc, to establish a session or security context, then that's not really something defined by >an existing common SAML profile, as far as I know.

I believe AWS in fact wants me to go the unsupported way since it is exactly documented like the unsupported way you describe. See: http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150521/3bd61179/attachment.html>


More information about the users mailing list