mace-opensaml-users - RE: SAML 2.0 AuthnRequest
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: "'Andreas Åkre Solberg'" <>, "'OpenSAML'" <>
- Subject: RE: SAML 2.0 AuthnRequest
- Date: Thu, 23 Feb 2006 11:06:26 -0500
- Organization: The Ohio State University
In future, please use the saml-dev or security-services-comment lists at
OASIS, this isn't a general SAML question list.
> In SAML 2.0, the AuthnRequest can be sent from the service provider
> with the user to the IdP before the user is authenticated (Service
> first Web browser SSO Profile).
It normally is sent before.
> I wonder what the subject element
> should contain in this scenario.
Normally it's not present. If it is, it's usually as part of a
reauthentication and is just there as a sanity check.
> Should it contain an empty
> subjectconfirmation and no nameidentifier ? What should the
> subjectconfirmation@method
> be?
The SSO profile specifically precludes passing a confirmation in the
request. Other profiles may not (and in fact do not, there's a Liberty
profile that uses it).
-- Scott
- SAML 2.0 AuthnRequest, Andreas Åkre Solberg, 02/23/2006
- RE: SAML 2.0 AuthnRequest, Scott Cantor, 02/23/2006
- javax.xml.parsers.FactoryConfigurationError, AMBRISH UPADHYAY, 02/27/2006
- Re: javax.xml.parsers.FactoryConfigurationError, Chad La Joie, 02/27/2006
Archive powered by MHonArc 2.6.16.