mace-opensaml-users - RE: SAML1.x or SAML2.x?

Subject: OpenSAML user discussion

  • From: "Pantvaidya, Vishwajit" <>
  • To: Tom Scavo <>
  • Cc:
  • Subject: RE: SAML1.x or SAML2.x?
  • Date: Fri, 21 Apr 2006 11:31:59 -0700

> > Sorry for the confusion - opening page has a frameset and self-service frame
>
> As an aside, try to avoid frameset documents, which are a pain.
>
> > that is returned from the SP but the login screen is returned from the IdP.
>
> So the opening page is at the SP, which implies SP-first.
>

The opening page of the app which is at the SP has the SP content in one
frame and IdP login screen in another frame.


> > So the user's login request gets submitted to the IdP which then
> > authenticates and sends the result to the SP.
>
> How does the IdP know the target SP? In an SP-first scenario, the
> SP's identifier is called out in the AuthnRequest. In an IdP-first

So in this case does the AuthnRequest embed the SP URL to which the response
is to be sent?


> situation, the location of the SP (and all SPs!) is known to the IdP
> up front. At the IdP, the user is presented with a list of links, one
> for each SP it recognizes. The form of these links is specified
> precisely by the SAML spec.
>
> I claim that almost everybody uses an SP-first profile these days.
> That's why IdP discovery has become such an important issue.
>

The IdP knows the SP and may even be hardcoding the SP URL. The only problem
is when that IdP has to work with multiple SPs and since the result of the
login request needs to be forwarded to a specific SP, then how does the IdP
know which is the one for this request? - in that case, I presume (I am not
a UI guy) the IdP can be passed the SP URL through the opening page?


Thanks,

Vish.
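
The thread's question is how an IdP serving several SPs decides where a response goes. As an added example (not part of the original message and not OpenSAML code), the following Python shows an IdP-side check for a SAML 2.0 SP-first AuthnRequest: the SP is identified by the request's Issuer, and any AssertionConsumerServiceURL in the request is accepted only if it exactly matches one registered for that SP. The registry, entity IDs, URLs and the function name `resolve_response_destination` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed registry: entityID -> ACS URLs the IdP learned from SP metadata.
REGISTERED_SPS = {
    "https://sp1.example.org/shibboleth": ["https://sp1.example.org/saml/acs"],
    "https://sp2.example.org/shibboleth": ["https://sp2.example.org/saml/acs"],
}

# Constructed SP-first AuthnRequest (unsigned, for illustration only).
SAMPLE_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2006-04-21T18:31:59Z"
    AssertionConsumerServiceURL="https://sp1.example.org/saml/acs">
  <saml:Issuer>https://sp1.example.org/shibboleth</saml:Issuer>
</samlp:AuthnRequest>"""


def resolve_response_destination(authn_request_xml, registry=REGISTERED_SPS):
    """Return (sp_entity_id, acs_url) for the response, or raise ValueError."""
    # Production code should parse untrusted XML with a hardened parser
    # such as defusedxml; the standard library is used here to stay self-contained.
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    entity_id = issuer.text.strip()
    allowed = registry.get(entity_id)
    if not allowed:
        raise ValueError("unknown SP: %s" % entity_id)
    requested = root.get("AssertionConsumerServiceURL")
    if requested is None:
        return entity_id, allowed[0]  # fall back to the registered default
    if requested not in allowed:  # exact match, no prefix or host-only comparison
        raise ValueError("ACS URL not registered for %s" % entity_id)
    return entity_id, requested


if __name__ == "__main__":
    print(resolve_response_destination(SAMPLE_REQUEST))
```

The same lookup applies when the SP URL arrives some other way, such as a parameter on the opening page: the value is treated as a key into the registered SPs, not as the destination itself.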


