The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Common domain cookies

I have been tasked with an integration that includes an IdP and an SP on the same domain. Our original idea was to use the SAML POST bindings to establish authentication and for logout requests. My question is, can I incorporate common domain cookies to make my job easier? I'm fairly new to the SAML standard, so I apologize if the answer is obvious.

Do you mean common domain cookies in the "SAML discovery profile" sense, or just the generic point that you have a shared domain? If you only have one IdP, you don't need a discovery solution.

SAML, and most other SSO mechanisms, assume no shared domain because it's much simpler to do SSO when you can do it with a cookie exchange. You probably don't need SAML at all if you have one, but if you use SAML, the profile should already tell you what you need to know. A common domain doesn't enter into it.
