
Start a SAML SSO transaction from the identity provider

Consider this schema: https://developers.google.com/google-apps/sso/saml_reference_implementation. The user will go to the service provider and from there be redirected to the identity provider.
But in my system the user is on the identity provider to begin with, and presses a link to go to the service provider.
So, my question is: is there a problem with skipping steps 1 to 4 and starting directly from 5 (generate a SAML "response" and send it to the service provider)?

Yes, this is called Unsolicited Responses in the SAML specs. Also called IDP initiated SSO.

It depends on the IDP and SP you are using if this is supported or not. Generally I recommend against using this. It breaks interoperability between products, opens up for XSRF attacks
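An added example, not part of the original answer: a sketch of the service-provider side showing how a solicited response is tied, through `InResponseTo`, to a request the SP issued for that browser session, while an unsolicited (IdP-initiated) response carries no such binding. `RequestTracker`, the session IDs and the sample XML are constructed for illustration; signature, audience and time-window validation are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted XML in production

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class ResponseRejected(Exception):
    pass

class RequestTracker:
    """Hypothetical SP-side store of AuthnRequest IDs issued per browser session."""
    def __init__(self, allow_unsolicited=False):
        self.allow_unsolicited = allow_unsolicited
        self._pending = {}  # session_id -> set of outstanding request IDs

    def issue(self, session_id, request_id):
        self._pending.setdefault(session_id, set()).add(request_id)

    def check(self, session_id, response_xml):
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{SAMLP}}}Response":
            raise ResponseRejected("not a samlp:Response")
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # Unsolicited: nothing links this response to a login the user started here.
            if not self.allow_unsolicited:
                raise ResponseRejected("unsolicited response not accepted")
            return "unsolicited"
        pending = self._pending.get(session_id, set())
        if in_response_to not in pending:
            raise ResponseRejected("InResponseTo matches no request from this session")
        pending.discard(in_response_to)  # each request ID is accepted once
        return "solicited"

def sample_response(in_response_to=None):
    # Constructed, unsigned sample; a real Response also carries an Assertion.
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'

def demo():
    sp = RequestTracker()
    sp.issue("sess-A", "_req1")
    results = [sp.check("sess-A", sample_response("_req1"))]
    cases = [("sess-A", sample_response("_req1")),  # replay of a used ID
             ("sess-B", sample_response("_req1")),  # delivered to another session
             ("sess-A", sample_response())]         # IdP-initiated
    for sess, xml in cases:
        try:
            results.append(sp.check(sess, xml))
        except ResponseRejected as e:
            results.append(f"rejected: {e}")
    return results
```

An SP that sets `allow_unsolicited=True` accepts the last case on the strength of the assertion alone, which is why the per-session request binding shown in the first three cases is lost for IdP-initiated SSO.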
