
start a SAML SSO transaction from the identity provider

Consider this schema: https://developers.google.com/google-apps/sso/saml_reference_implementation . The user will go to the service provider and from there be redirected to the identity provider.
But in my system the user is on the identity provider to begin with, and presses a link to go to the service provider.
So, my question is: is there a problem with skipping steps 1 to 4 and starting directly from 5 (Generate a SAML "response" and send it to the Service Provider)?

Yes, this is called Unsolicited Responses in the SAML specs. Also called IDP initiated SSO.

It depends on the IDP and SP you are using whether this is supported or not. Generally I recommend against using this. It breaks interoperability between products, opens up for XSRF attacks
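An added example, not part of the original answer: an SP-side check that tells a solicited response from an unsolicited (IdP-initiated) one by matching `InResponseTo` against the AuthnRequest IDs the browser session issued. The function names, the per-session `pending_ids` store and the sample XML are constructed for illustration, and signature verification is assumed to have been done already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class UnsolicitedResponse(Exception):
    """The response carries no InResponseTo (IdP-initiated)."""

class RequestMismatch(Exception):
    """InResponseTo is inconsistent or names a request this session never sent."""

def check_in_response_to(response_xml, pending_ids, allow_unsolicited=False):
    """Return the matched AuthnRequest ID, or None for an accepted unsolicited response.

    pending_ids is a hypothetical per-session set of AuthnRequest IDs the SP issued.
    Assumes the XML signature and conditions were already verified elsewhere.
    """
    root = ET.fromstring(response_xml)
    # InResponseTo can appear on the Response and on SubjectConfirmationData.
    seen = {root.get("InResponseTo")}
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        seen.add(scd.get("InResponseTo"))
    seen.discard(None)
    if not seen:
        if allow_unsolicited:
            return None  # caller must apply its own login-CSRF protections
        raise UnsolicitedResponse("no InResponseTo: unsolicited response")
    if len(seen) != 1:
        raise RequestMismatch("Response and assertion disagree on InResponseTo")
    (request_id,) = seen
    if request_id not in pending_ids:
        raise RequestMismatch("no matching AuthnRequest from this session")
    pending_ids.discard(request_id)  # one-time use: a replay no longer matches
    return request_id

def sample_response(in_response_to=None):
    """Constructed, unsigned, minimal Response for demonstration only."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
        f' ID="_r1" Version="2.0"{attr}><saml:Assertion ID="_a1" Version="2.0">'
        '<saml:Subject><saml:SubjectConfirmation'
        ' Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData{attr}/></saml:SubjectConfirmation>'
        '</saml:Subject></saml:Assertion></samlp:Response>'
    )
```

With `allow_unsolicited=False` the SP only accepts responses it can tie to a request it started in the same session, which is the binding an IdP-initiated flow lacks.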
