shibboleth-dev - Re: [Shib-Dev] ECP-IdP interaction
Subject: Shibboleth Developers
List archive
- From: Scott Lowery <>
- To: "<>" <>
- Subject: Re: [Shib-Dev] ECP-IdP interaction
- Date: Wed, 16 Mar 2011 22:22:15 +0000
- Accept-language: en-US
Test
Sent from my iPhone
On Mar 16, 2011, at 5:19 PM, "Kobe"
<>
wrote:
> I am trying to extend an ECP client implementation written by Jonathan
> Teller
> (http://shibboleth.1660669.n2.nabble.com/Basic-auth-authentication-using-IdP-td6156219.html).
>
> a) I read through the ECP profile in the SAMl2 profiles document and do not
> understand how
> to authenticate the principal with the IdP. My ECP client is a front for web
> services that send
> the credentials in basic auth headers. These services are not capable of
> dealing with
> a pfresentation based authentication mechanism. Hence the need for ECP. The
> ECP client
> would obtain the AuthnRequest from the SP and needs to send it to the IdP
> for
> authentication.
>
> What I do not understand from the lines 814-818, lines 876-886 and lines
> 1089-1094
> is how do I convey the credentials from the basic auth headers to the IdP as
> a part
> of the ECP-IdP dispatch of the SP-issued AuthnResponse.
>
> b) Once the ECP client obtains the assertion from the IdP and the ECP client
> has identified the
> assertion consumer URL from SP's original message (lines 1052-1056), with
> what protocol
> (HTTP-GET or PUT) do I convey the
> assertion to the SP and obtain the SP-specific session token?
>
> Any explanations greatly appreciated...
>
> /K
>
> --
> View this message in context:
> http://shibboleth.1660669.n2.nabble.com/ECP-IdP-interaction-tp6179090p6179090.html
> Sent from the Shibboleth - Developers mailing list archive at Nabble.com.
- [Shib-Dev] ECP-IdP interaction, Kobe, 03/16/2011
- Re: [Shib-Dev] ECP-IdP interaction, Scott Lowery, 03/16/2011
- RE: [Shib-Dev] ECP-IdP interaction, Cantor, Scott E., 03/16/2011
Archive powered by MHonArc 2.6.16.