Comments (5)
It seems more appropriate and generic if the SP provides known information about the user to the IdP at each instance, rather than the IdP trying to store it in session cookies. Adding such information as optional request data seems appropriate. It does necessarily mean that storing data in cookies is bad and should be banned, but would be overridden by data provided in the request.
from technical-framework.
One alternative to defining a new extension for this purpose is to pass the Subject element in the AuthnRequest and there make use of the SPProvidedID. Section 2.2.2 of SAML-core states:
A name identifier established by a service provider or affiliation of providers for the entity, if
different from the primary name identifier given in the content of the element. This attribute
provides a means of integrating the use of SAML with existing identifiers already in use by a
service provider. For example, an existing identifier can be "attached" to the entity using the Name
Identifier Management protocol defined in Section 3.6.
This may not be as generic as an own datatype, but on the upside we don't have to define an extension of our own.
from technical-framework.
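An illustration of the Subject/SPProvidedID alternative described in the comment above, added here as an example (it is not code from the thread or from the technical-framework project). It shows an IdP-side reader pulling the SP's identifiers out of an AuthnRequest. The entity IDs, identifier values and function names are constructed, and the mismatch policy in principal_matches is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample request; entity IDs and identifier values are made up.
SAMPLE_AUTHN_REQUEST = """\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2018-05-01T12:00:00Z">
  <saml:Issuer>https://sp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="https://sp.example.org/metadata"
        SPProvidedID="sp-local-user-4711">idp-pseudonym-abc</saml:NameID>
  </saml:Subject>
</samlp:AuthnRequest>
"""

def extract_subject_hint(xml_text):
    """Return the SP's view of the user from AuthnRequest/Subject, or None."""
    # Refuse DTDs up front so entity-expansion input never reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not an AuthnRequest")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return None  # no Subject: the IdP falls back to its own user selection
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "name_id": (name_id.text or "").strip(),
        "sp_provided_id": name_id.get("SPProvidedID"),
        "sp_name_qualifier": name_id.get("SPNameQualifier"),
    }

def principal_matches(hint, authenticated_name_id):
    """True when the user who authenticated is the one the SP asked for."""
    # Assumed policy: the request data only narrows user selection, it never
    # replaces authentication, and a mismatch makes the IdP fail the request.
    if hint is None:
        return True
    return hint["name_id"] == authenticated_name_id
```

The identifiers arrive in a message the SP controls, so an IdP using them this way would evaluate them only after validating the request itself.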
A new resolution to this issue has been included in the last pull request.
from technical-framework.
This will not make it into the June 2018 release.
from technical-framework.
PR #70, which is merged into the master branch, now presents a draft for an AuthnRequest extension - Principal Selection in SAML Authentication Requests.
from technical-framework.