mace-opensaml-users - RE: SAML1.x or SAML2.x?
Subject: OpenSAML user discussion
List archive
- From: "Pantvaidya, Vishwajit" <>
- To: Tom Scavo <>
- Cc:
- Subject: RE: SAML1.x or SAML2.x?
- Date: Thu, 20 Apr 2006 17:02:20 -0700
> -----Original Message-----
> From: Tom Scavo
> [mailto:]
> Sent: Thursday, April 20, 2006 4:32 PM
> To: Pantvaidya, Vishwajit
> Cc:
>
> Subject: Re: SAML1.x or SAML2.x?
>
> On 4/20/06, Pantvaidya, Vishwajit
> <>
> wrote:
> >
> > So basically looks like in our case the SAML assertion xml will be
> passed
> > through the URL parameters.
> >
> > I checked SAML 1.1 and 2.0 specs and it seems that 1.1 does not support
> this
> > scenario.
>
> That's true, SAML 1.1 does not have an HTTPRedirect binding. However,
> is there some reason why you can't use Browser/POST?
>
Wouldn't browser post involve an additional click on the part of the user?
Or are you suggesting that the authenticating web-server do an HTTP POST to
us instead of a URL redirect?
> More importantly, SAML 1.1 does not support SP-first profiles. Is
> there some reason why you can't just use Shibboleth (which defines an
> AuthnRequest profile)? That sure would make your like easier. :-)
>
My understanding is that we would not need SP-first profiles and
AuthnRequest. Our opening page itself redirects user to the authenticating
web-server URL - so I guess we would not send any AuthnRequest. Basically it
is almost as if the user logs on to the web-server which then redirects it
to our site. So my understanding is that we only need to process an inbound
assertion. Does this make sense?
But I am open to using Shibboleth if that makes my job easier. My only
requirement is to use SAML and as Shibboleth seems to be built on SAML, that
is okay.
Thanks,
Vish.
- SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/20/2006
- Re: SAML1.x or SAML2.x?, Tom Scavo, 04/20/2006
- <Possible follow-up(s)>
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/20/2006
- Re: SAML1.x or SAML2.x?, Tom Scavo, 04/20/2006
- RE: SAML1.x or SAML2.x?, Scott Cantor, 04/20/2006
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/20/2006
- Re: SAML1.x or SAML2.x?, Tom Scavo, 04/21/2006
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/21/2006
- Re: SAML1.x or SAML2.x?, Tom Scavo, 04/21/2006
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/21/2006
- Re: SAML1.x or SAML2.x?, Tom Scavo, 04/21/2006
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/21/2006
- RE: SAML1.x or SAML2.x?, Pantvaidya, Vishwajit, 04/21/2006
Archive powered by MHonArc 2.6.16.