shibboleth-dev - Re: SAML/shib 2 & authN referral
Subject: Shibboleth Developers
- From: "Tom Scavo" <>
- Subject: Re: SAML/shib 2 & authN referral
- Date: Mon, 19 Jun 2006 19:14:21 -0400
On 6/19/06, Scott Cantor wrote:
> > Or IdPA could simply pass the assertion from IdPB on through to the
> > original SP. If we assume the SP trusts IdPA (not an unreasonable
> > assumption it seems), then no transformation is necessary.
>
> Nope. You have an Audience and a Recipient attribute that will both be
> rejected by the SP. For that to work, the SP has to be visible to IdPB, and
> at that point you're not proxying anymore, nor is there any point to doing
> it. The whole use case is predicated on crossing trust boundaries.

Okay, now I'm confused. :-) Remember that conversation we had about
"masquerading SPs" last month? The idea is that the proxy will
impersonate the SP, obtain assertion(s) targeted at the SP, and return
them to the SP unscathed.

Tom
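
Added example (not part of the original message and not Shibboleth's code): the two SP-side checks this exchange turns on, Audience and Recipient, applied to a constructed SAML 2.0 assertion. All entity IDs and URLs are made-up placeholders, and signature and validity-window checks are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders; none of these names come from the thread.
SP_ENTITY_ID = "https://sp.example.org/shibboleth"
SP_ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
PROXY_ENTITY_ID = "https://idpa.example.org/proxy"
PROXY_ACS_URL = "https://idpa.example.org/proxy/acs"

TEMPLATE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idpb.example.org/idp</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="{recipient}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>
"""

def check_targeting(assertion_xml, entity_id, acs_url):
    """Return the reasons a relying party would reject; [] means both checks pass."""
    root = ET.fromstring(assertion_xml)
    problems = []
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        problems.append("no AudienceRestriction present")
    for r in restrictions:  # every restriction must name this relying party
        audiences = [(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
        if entity_id not in audiences:
            problems.append(f"Audience {audiences} does not include {entity_id}")
    recipients = [d.get("Recipient") for d in root.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:  # bearer confirmation must point at our endpoint
        problems.append(f"Recipient {recipients} does not match {acs_url}")
    return problems

# IdPB's assertion as issued to the proxy, and as issued when the request named the SP.
ISSUED_TO_PROXY = TEMPLATE.format(audience=PROXY_ENTITY_ID, recipient=PROXY_ACS_URL)
ISSUED_TO_SP = TEMPLATE.format(audience=SP_ENTITY_ID, recipient=SP_ACS_URL)

if __name__ == "__main__":
    print("passed through unchanged:", check_targeting(ISSUED_TO_PROXY, SP_ENTITY_ID, SP_ACS_URL))
    print("targeted at the SP:      ", check_targeting(ISSUED_TO_SP, SP_ENTITY_ID, SP_ACS_URL))
```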