
shibboleth-dev - RE: SAML/shib 2 & authN referral

Subject: Shibboleth Developers


RE: SAML/shib 2 & authN referral


  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: SAML/shib 2 & authN referral
  • Date: Mon, 19 Jun 2006 13:01:18 -0400
  • Organization: The Ohio State University

> Or IdPA could simply pass the assertion from IdPB on through to the
> original SP. If we assume the SP trusts IdPA (not an unreasonable
> assumption it seems), then no transformation is necessary.

Nope. You have an Audience and a Recipient attribute that will both be
rejected by the SP. For that to work, the SP has to be visible to IdPB, and
at that point you're not proxying anymore, nor is there any point to doing
it. The whole use case is predicated on crossing trust boundaries.

-- Scott
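
The rejection described in the message above, as an added example that is not part of the original post: a sketch of the two SP-side checks (Audience and bearer Recipient) run against a constructed assertion that IdPB issued to IdPA. All entity IDs and URLs are hypothetical, and signature and validity-window checks are left out.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the assertion IdPB issues to IdPA, which acts as an SP
# toward IdPB. Every entity ID and URL here is hypothetical.
ASSERTION_FROM_IDPB = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2006-06-19T17:00:00Z">
  <saml:Issuer>https://idpb.example.net/idp</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://idpa.example.org/SAML2/POST"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://idpa.example.org/idp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text, entity_id, acs_url):
    """Return the reasons a relying party rejects the assertion (empty list
    if the audience and recipient checks both pass)."""
    root = ET.fromstring(xml_text)  # constructed input; no signature check here
    errors = []
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        errors.append("no AudienceRestriction present")
    # Every AudienceRestriction must list this relying party's entity ID.
    for restriction in restrictions:
        audiences = [a.text.strip() for a in restriction.findall("saml:Audience", NS) if a.text]
        if entity_id not in audiences:
            errors.append(f"audience mismatch: {audiences}")
    # The bearer confirmation's Recipient must be the endpoint that received it.
    recipients = [d.get("Recipient") for d in root.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        errors.append(f"recipient mismatch: {recipients}")
    return errors

if __name__ == "__main__":
    # IdPA accepts what IdPB sent it; the original SP, handed the same
    # assertion unchanged, fails both checks.
    print(check_assertion(ASSERTION_FROM_IDPB, "https://idpa.example.org/idp",
                          "https://idpa.example.org/SAML2/POST"))
    print(check_assertion(ASSERTION_FROM_IDPB, "https://sp.example.com/shibboleth",
                          "https://sp.example.com/Shibboleth.sso/SAML2/POST"))
```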




