发出POST请求后是否进入同一个SAML会话?
[英]Is it entering same SAML session after POST request is made?
问题描述
There is a URL in which a SAML request is hidden. 
有一个URL,其中隐藏了SAML请求。 While making request, SAML authentication takes place. 发出请求时,将进行SAML身份验证。 I would like to know if I will make the POST request to the hidden SAML URL with the same credentials as provided before. 我想知道是否将使用与以前提供的相同的凭据向隐藏的SAML URL发出POST请求。 Will this session be the same as the one in which I have made the previous request. 本届会议与我上次提出请求的会议相同吗?
PS: The machine, IPs and all are constant while making the requests. PS:机器,IP和所有在发出请求时都是不变的。
1 个解决方案
解决方案1
0 已采纳 2019-03-04 00:25:59
Just like you open multiple tabs to access Google Docs, you would get multiple independent SAML sessions. 就像您打开多个标签来访问Google文档一样,您将获得多个独立的SAML会话。
Each one would have different session ID and different Authentication Context. 每个人将具有不同的会话ID和不同的身份验证上下文。
For example, below are the two SAML responses with the same AWS IdP-init SSO SAML authentication flow. 例如,以下是两个具有相同AWS IdP-init SSO SAML身份验证流程的SAML响应。
<?xml
version="1.0"
encoding="UTF-8"
standalone="no"?>
<saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://signin.aws.amazon.com/saml"
ID="_c5b2e49b9abcb559d5784487a2a4b419"
IssueInstant="2019-03-04T00:27:36.738Z"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://accounts.google.com/o/saml2?
idpid=<idp_id>
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_1ad7cff1e3c1000a8f112a1a43f35457"
IssueInstant="2019-03-04T00:27:36.738Z"
Version="2.0">
<saml2:Issuer>https://accounts.google.com/o/saml2?
idpid=<idp_id>
</saml2:Issuer>
<?xml
version="1.0"
encoding="UTF-8"
standalone="no"?>
<saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://signin.aws.amazon.com/saml"
ID="_1a68f45a31b8abfde9850907cd65c25b"
IssueInstant="2019-03-04T00:28:27.362Z"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://accounts.google.com/o/saml2?
idpid=<idp_id>
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_f0b42fcf11de6279ffb1f890d50b57b2"
IssueInstant="2019-03-04T00:28:27.362Z"
Version="2.0">
<saml2:Issuer>https://accounts.google.com/o/saml2?
idpid=<idp_id>
</saml2:Issuer>
As you can see the SAML Response ID is different between the two. 如您所见,两者之间的SAML响应ID不同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.