Shibboleth Developers

[杨令 <>]

Thanks a lot for your regards and instructions.I will take careful 
look at that.

best wishes,
yangling 

----- 原邮件 -----
从: Nate Klingenstein 
<>
日期: 星期二, 十月 7日, 2008 上午10:46
主题: Re: [Shib-Dev] idp-initiated SSO

> Yangling,
> 
> > Thank you for reading this letter,which is from Peking  
> > University,China.
> 
> It's great to hear from you guys again.  Give my best regards to 
> Ms.  
> Chen and the rest of the team. :D
> 
> > I have one question here: Have Idp-initiated SSO been 
> implemented  
> > in Shibboleth 2.0? I apprecite you very much.Thank you.
> 
> Basically, yes.  There is no separate implementation to do this,  
> because the functionality can be easily provided just by spoofing 
> an  
> authentication request as if the SP had made it.  You can place 
> such  
> a spoofed authentication request statically on a web page, such as 
> a  
> portal.  This can be done for SAML 1.1 or SAML 2.0, and it can be  
> done for SAML 2.0 using either a Shibboleth 1.3-style 
> authentication  
> request, or a SAML 2.0 AuthnRequest.  You just need to make sure 
> you  
> have the right endpoints selected in your spoof.
> 
> There is a specification that allows this to be done with trust  
> added, but I don't think it's implemented yet, and it's not a  
> requirement for most use cases.
> 
> http://wiki.oasis-open.org/security/ProtocolExtThirdParty
> 
> Take care,
> Nate.
>