
mace-opensaml-users - RE: Need help: SAML enable Appliance

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: "'Smith Baylor'" <>, <>
  • Subject: RE: Need help: SAML enable Appliance
  • Date: Thu, 5 Aug 2004 16:53:25 -0400
  • Organization: The Ohio State University

> I have a client C which is trying to access a protected resource on
> Server, S. The access to S is via a Gateway, G
>
> C --------> G -------------> S
>
> Now, I want to use SSO and SAML. How can I implement something that
> when I authenticate C at G, I am automatically given the resource
> (handshake backend) when requested at S? What are the requirements
> for implementing such a thing and how can I do this.

You probably should move such a query to the saml-dev list, which has more
general SAML participation.

But there's no simple answer to your question. Scenarios involving
intermediaries were not profiled by SAML 1.x and remain fairly theoretical
even in SAML 2.0, although a significant effort was made to think ahead to
enabling such profiles.

As it stands, it's not that you can't use SAML to develop a security profile
for this, but there is no defined profile for it. Liberty's WSF specs define
some things that would be similar, but specifically in the context of web
services.

You're not very specific in your scenario here, and the use of SAML depends
a lot on the application(s) in question. With web services, the SAML token
profile of WSS defines some key pieces for making this kind of thing work in
SOAP, but there's a lot of stuff out there with nothing to do with SOAP.

-- Scott



