Skip to Content.
Sympa Menu

shibboleth-dev - 回复:Re: [Shib-Dev] idp-initiated SSO

Subject: Shibboleth Developers

List archive

回复:Re: [Shib-Dev] idp-initiated SSO


Chronological Thread 
  • From: 杨令 <>
  • To:
  • Subject: 回复:Re: [Shib-Dev] idp-initiated SSO
  • Date: Tue, 07 Oct 2008 11:16:26 +0800
  • Priority: normal

Thanks a lot for your regards and instructions.I will take careful
look at that.

best wishes,
yangling

----- 原邮件 -----
从: Nate Klingenstein
<>
日期: 星期二, 十月 7日, 2008 上午10:46
主题: Re: [Shib-Dev] idp-initiated SSO

> Yangling,
>
> > Thank you for reading this letter,which is from Peking
> > University,China.
>
> It's great to hear from you guys again. Give my best regards to
> Ms.
> Chen and the rest of the team. :D
>
> > I have one question here: Have Idp-initiated SSO been
> implemented
> > in Shibboleth 2.0? I apprecite you very much.Thank you.
>
> Basically, yes. There is no separate implementation to do this,
> because the functionality can be easily provided just by spoofing
> an
> authentication request as if the SP had made it. You can place
> such
> a spoofed authentication request statically on a web page, such as
> a
> portal. This can be done for SAML 1.1 or SAML 2.0, and it can be
> done for SAML 2.0 using either a Shibboleth 1.3-style
> authentication
> request, or a SAML 2.0 AuthnRequest. You just need to make sure
> you
> have the right endpoints selected in your spoof.
>
> There is a specification that allows this to be done with trust
> added, but I don't think it's implemented yet, and it's not a
> requirement for most use cases.
>
> http://wiki.oasis-open.org/security/ProtocolExtThirdParty
>
> Take care,
> Nate.
>



  • 回复:Re: [Shib-Dev] idp-initiated SSO, 杨令, 10/06/2008

Archive powered by MHonArc 2.6.16.

Top of Page