mace-opensaml-users - Re: Need help: SAML enable Appliance
Subject: OpenSAML user discussion
- From: Smith Baylor
- To: Scott Cantor
- Subject: Re: Need help: SAML enable Appliance
- Date: Thu, 5 Aug 2004 14:10:49 -0700
Let me elaborate on the scenario a little bit more:
                 |
C -------------->| -----> G ---------------------> S
                 |        ^                         ^^
                 |        |------|-------------------|
                 |               |
                 |               |---------------------
                 |               |     SSO Server      |
                 |               -----------------------
                 |
     Client      |        Service Provider
All that I want to do is provide a way to use the same SSO server for
authenticating a user at the gateway and later use the same token
within a Web or App Server so that I don't have to reauthenticate the
person.
Note that I am not asking for Impersonation of credentials and I don't
want to do impersonation.
Smith
On Thu, 5 Aug 2004 16:53:25 -0400, Scott Cantor wrote:
>
>
> > I have a client C which is trying to access a protected resource on
> > Server, S. The access to S is via a Gateway, G
> >
> > C --------> G -------------> S
> >
> > Now, I want to use SSO and SAML. How can I implement something that
> > when I authenticate C at G, I am automatically given the resource
> > (handshake backend) when requested at S? What are the requirements
> > for implementing such a thing and how can I do this.
>
> You probably should move such a query to the saml-dev list, which has more
> general SAML participation.
>
> But there's no simple answer to your question. Scenarios involving
> intermediaries were not profiled by SAML 1.x and remain fairly theoretical
> even in SAML 2.0, although a significant effort was made to think ahead to
> enabling such profiles.
>
> As it stands, it's not that you can't use SAML to develop a security profile
> for this, but there is no defined profile for it. Liberty's WSF specs define
> some things that would be similar, but specifically in the context of web
> services.
>
> You're not very specific in your scenario here, and the use of SAML depends
> a lot on the application(s) in question. With web services, the SAML token
> profile of WSS defines some key pieces for making this kind of thing work in
> SOAP, but there's a lot of stuff out there with nothing to do with SOAP.
>
> -- Scott
>
>