
shibboleth-dev - RE: wrt user entry of a pointer to their IDP ..or.. "invisible SSO"

Subject: Shibboleth Developers

  • From: "Josh Howlett" <>
  • To: <>
  • Cc: "Josh Howlett" <>
  • Subject: RE: wrt user entry of a pointer to their IDP ..or.. "invisible SSO"
  • Date: Thu, 27 Sep 2007 12:10:43 +0100

> > The reason I think that the lack of channel bindings and mutual
> > authentication *might* be moot is that the Kerberos service ticket is
> > not used for authentication of the principal. The ticket is just
> > acting as a discovery cue for boot-strapping a SAML authN assertion
> > request. In this case, why do channel bindings and mutual
> > authentication matter?
> >
> But don't you want to turn around and use SPNEGO for the
> actual authentication too at some point?

Sure, of course. But this will require significant changes to deployed
infrastructure, and so will take some time.

> Then you have to
> care about mutual auth - especially if you are doing
> credentials delegation :-)

One step at a time :-)

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxon OX11 0SG


