SSO-SAML从服务提供商登录到IDP
[英]SSO-SAML Logging into IDP from service provicer
问题描述
SP is an app which have its own Auth mechanism and local identities, User can directly login. 
SP是具有自己的Auth机制和本地身份的应用程序,用户可以直接登录。
Is there a way SP can notify IDP about the logged in user so that other SP are logged in from IDP(salesforce) SP是否可以通过某种方式将已登录的用户通知IDP,以便其他SP从IDP(salesforce)登录
[SP1 (u1 logged in using sp1 database)] -> [idp (u1)] [SP1(使用sp1数据库登录的u1)]-> [idp(u1)]
[SP2 ] ---login req--> [idp(u1)] -> [SP2 (u1)] [SP2] ---登录要求-> [idp(u1)]-> [SP2(u1)]
Problem is SP1 have set of users which is not part of idp and other SPs 问题是SP1拥有不属于idp和其他SP的用户集
SP = Service provider SP =服务提供商
IDP = Identity provider IDP =身份提供者
1 个解决方案
解决方案1
1 2016-07-05 06:16:41
Not possible in SAML protocol. 在SAML协议中不可能。 Local identities at SP cannot federate across IdP or other SP's. SP的本地身份不能跨IdP或其他SP联合。
In order to federate the identities, IdP has to receive the AuthnRequest from SP (in case of SP-Init SSO), authenticate at IdP and send assertion to SP. 为了联合身份,IdP必须从SP接收AuthnRequest(对于SP-Init SSO),在IdP进行身份验证并将断言发送给SP。 Thereby, IdP can only federate identities across SPs. 因此,IdP只能在SP之间联合身份。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.