
mace-opensaml-users - RE: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion


RE: Use SAML Assertion as Kerberos Ticket


  • From: "Scott Cantor" <>
  • To: "'Derek Atkins'" <>
  • Cc: "'Pham Hoai Van'" <>, <>
  • Subject: RE: Use SAML Assertion as Kerberos Ticket
  • Date: Wed, 23 Mar 2005 13:55:50 -0500
  • Organization: The Ohio State University

> No, there's no pre-shared secret between the user and the SP, just between
> the user and the KDC.

I know. The SAML subject confirmation key would be the session key; it's the
KDC-supplied secret that both the parties can decrypt but nobody else can.

> Sure, but at this point you're re-inventing kerberos; why would you
> want to do that instead of just using RFC1510bis?

Of course, but that's precisely what the person was asking about. So yes,
it's possible, and no, I wouldn't do it.

-- Scott



