<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
                
        
        
                <div class="page" title="Page 25">
                        <div class="layoutArea">
                                <div class="column">A potential vendor's documentation describes their support for SSO and SAML as follows:</div><div class="column"><br></div><div class="column"><blockquote type="cite"><p><span style="font-size: 10.000000pt; font-family: 'Arial,Bold'">SAML Authentication:
</span></p>
                                        <ol>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">User initiates the request via a link
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">Client’s server intercepts and generates SSO assertion
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">SAML assertion is posted to SSO URL by the browser
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">Signature, timestamp, and recipient are posted
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">Payload is examined for destinations
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">User looked-up, must be active
</span></p>
                                                </li>
                                                <li style="font-size: 10.000000pt; font-family: 'Arial'"><p><span style="font-size: 10pt; ">User logged-in and redirected to destination (login page or deep link)&nbsp;</span></p>
                                                </li>
                                        </ol></blockquote>Do I correctly infer they are supporting only unsolicited or "idp initiated" SSO?</div><div class="column"><br></div><div class="column">What caveats (if any) should I relay to the prospective service owner(s)?</div><div class="column"><br></div><div class="column">I've read&nbsp;<a href="https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO">https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO</a></div><div class="column"><br></div><div class="column">Thanks for any pointers,</div><div class="column"><br></div><div class="column">David Bantz</div>
                        </div>
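<div class="column">Added example, not part of the original message or of the vendor's documentation: a Python sketch of the receiving-side checks for an unsolicited response like the one in the quoted flow (recipient, timestamp, absence of InResponseTo), plus a one-time-use cache for assertion IDs, which goes beyond the quoted steps. The SSO URL and all function names are assumptions, and signature verification is assumed to have been done already on the element being checked.</div>

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS_URL = "https://sp.example.org/sso/acs"  # assumed SSO URL, not from the vendor
seen_ids = {}  # assertion ID -> expiry; in-memory replay cache for the demo

def check_unsolicited(response, now):
    """Return a list of problems; an empty list means the response is acceptable.
    Assumes `response` is the element whose XML signature was already verified."""
    assertion = response.find(f"{{{A}}}Assertion")
    data = response.find(f".//{{{A}}}SubjectConfirmationData")
    if assertion is None or data is None or not data.get("NotOnOrAfter"):
        return ["missing Assertion, SubjectConfirmationData or NotOnOrAfter"]
    problems = []
    # An unsolicited response answers no request, so InResponseTo must be absent.
    if response.get("InResponseTo") or data.get("InResponseTo"):
        problems.append("InResponseTo present on an unsolicited response")
    if data.get("Recipient") != ACS_URL:
        problems.append("Recipient is not this SP's SSO URL")
    expiry = datetime.fromisoformat(data.get("NotOnOrAfter").replace("Z", "+00:00"))
    if now >= expiry:
        problems.append("expired (NotOnOrAfter reached)")
    # With no request to correlate against, the ID cache is what stops a replay.
    if assertion.get("ID") in seen_ids:
        problems.append("assertion ID already consumed (replay)")
    elif not problems:
        seen_ids[assertion.get("ID")] = expiry  # remember until it expires
    return problems

def build_response(assertion_id, recipient, expiry, in_response_to=None):
    """Constructed sample; a real response also carries Issuer, Signature, etc."""
    resp = ET.Element(f"{{{P}}}Response")
    if in_response_to:
        resp.set("InResponseTo", in_response_to)
    assertion = ET.SubElement(resp, f"{{{A}}}Assertion", ID=assertion_id)
    subject = ET.SubElement(assertion, f"{{{A}}}Subject")
    conf = ET.SubElement(subject, f"{{{A}}}SubjectConfirmation")
    ET.SubElement(conf, f"{{{A}}}SubjectConfirmationData", Recipient=recipient,
                  NotOnOrAfter=expiry.strftime("%Y-%m-%dT%H:%M:%SZ"))
    return resp

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed demo clock
    resp = build_response("_a1", ACS_URL, now.replace(minute=5))
    print(check_unsolicited(resp, now))  # first delivery
    print(check_unsolicited(resp, now))  # same assertion posted again
```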
                </div></body></html>