shibboleth-dev - RE: SAML/shib 2 & authN referral

Subject: Shibboleth Developers

List archive

RE: SAML/shib 2 & authN referral

From: "Scott Cantor" <>
To: <>
Subject: RE: SAML/shib 2 & authN referral
Date: Mon, 19 Jun 2006 13:01:18 -0400
Organization: The Ohio State University

> Or IdPA could simply pass the assertion from IdPB on through to the
> original SP. If we assume the SP trusts IdPA (not an unreasonable
> assumption it seems), then no transformation is necessary.

Nope. You have an Audience and a Recipient attribute that will both be
rejected by the SP. For that to work, the SP has to be visible to IdPB, and
at that point you're not proxying anymore, nor is there any point to doing
it. The whole use case is predicated on crossing trust boundaries.

-- Scott

SAML/shib 2 & authN referral, Tom Barton, 06/19/2006
- RE: SAML/shib 2 & authN referral, Scott Cantor, 06/19/2006
  - Re: SAML/shib 2 & authN referral, Tom Barton, 06/19/2006
    - Re: SAML/shib 2 & authN referral, Chad La Joie, 06/19/2006
- Re: SAML/shib 2 & authN referral, RL 'Bob' Morgan, 06/19/2006
  - RE: SAML/shib 2 & authN referral, Scott Cantor, 06/19/2006
    - Re: SAML/shib 2 & authN referral, Tom Scavo, 06/19/2006
      - RE: SAML/shib 2 & authN referral, Scott Cantor, 06/19/2006
        
        Re: SAML/shib 2 & authN referral, Tom Scavo, 06/19/2006
        
        RE: SAML/shib 2 & authN referral, Scott Cantor, 06/19/2006
        
        Re: SAML/shib 2 & authN referral, Tom Scavo, 06/20/2006
        RE: SAML/shib 2 & authN referral, Scott Cantor, 06/20/2006
        RE: SAML/shib 2 & authN referral, Scott Cantor, 06/20/2006
        Re: SAML/shib 2 & authN referral, Tom Scavo, 06/20/2006
        RE: SAML/shib 2 & authN referral, Scott Cantor, 06/20/2006
        
        Re: SAML/shib 2 & authN referral, Will Norris, 06/20/2006
        RE: SAML/shib 2 & authN referral, Scott Cantor, 06/20/2006

List archive

RE: SAML/shib 2 & authN referral