The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
Diff for Identity propagation with SAML
Mon, 2013-07-08 08:00 by ihabo01@gmail.com | Mon, 2013-07-08 08:03 by ihabo01@gmail.com | ||
---|---|---|---|
Changes to Body | |||
Line 24 | Line 24 | ||
</p>
| </p>
| ||
<p>
| <p>
| ||
- | How can I propagate the identity of the user through the invocation chain? <br />
| + | How can I propagate the identity of the user through the invocation chain? What are the constraints that the issued token should respect to make sure it can be "shared" by different entities?
|
- | <br />
| + | |
- | Many thanks in advance
| + | |
</p>
| </p>
| ||
<p>
| <p>
| ||
- | Regards,
| + | Many thanks in advance
|
+ | </p>
| ||
+ | <p>
| ||
+ | Regards,
| ||
</p>
| </p>
| ||
<p>
| <p>
|
Identity propagation with SAML
Hello,
In my scenario I have the following entities:
- SAML secured Portal (Domain A)
- User
- SAML secured API (Domain B, so a different domain from the portal)
- an IdP
The user will log in first to the portal; when not authenticated, the portal will redirect him to the identity provider to log in. Once logged in to the IdP, and hence to the Portal, the Portal will possess a SAML token identifying the user.
Now this portal will need to automatically call the API (present on another domain), and pass to it a SAML token identifying the user.
The problem is that the portal only possesses the token that has been provided to it, and hence my question:
How can I propagate the identity of the user through the invocation chain? What are the constraints that the issued token should respect to make sure it can be "shared" by different entities?
Many thanks in advance
Regards,
Ihab
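As an added illustration, not part of Ihab's post or of any answer to it: the SAML 2.0 `<Conditions>` check that a relying party performs on an assertion, which is where an assertion issued to the portal is refused by the API in Domain B unless the IdP's AudienceRestriction also names the API. The entity IDs, timestamps and the assertion XML are constructed for this example.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an assertion whose AudienceRestriction names only the portal.
PORTAL_ONLY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2013-07-08T08:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>ihab</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2013-07-08T08:00:00Z" NotOnOrAfter="2013-07-08T08:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://portal.domain-a.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# Constructed sample: the same assertion, but the IdP lists both relying parties.
SHARED = PORTAL_ONLY.replace(
    "</saml:Audience>",
    "</saml:Audience>\n      <saml:Audience>https://api.domain-b.example</saml:Audience>",
)


def _ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def condition_problems(assertion_xml, my_entity_id, now):
    """Reasons why relying party `my_entity_id` must reject this assertion at `now`.
    Empty list = Conditions allow it. Signature and SubjectConfirmation are out of scope."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    problems = []
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < _ts(nb):
        problems.append("not yet valid (NotBefore)")
    if noa and now >= _ts(noa):
        problems.append("expired (NotOnOrAfter)")
    # SAML 2.0 Core 2.5.1.4: each AudienceRestriction must contain an Audience the
    # relying party identifies itself with; otherwise the assertion is invalid for it.
    for ar in cond.findall("saml:AudienceRestriction", NS):
        audiences = [a.text.strip() for a in ar.findall("saml:Audience", NS)]
        if my_entity_id not in audiences:
            problems.append("audience mismatch: assertion is for " + ", ".join(audiences))
    return problems
```

Run against the two samples, the portal-only assertion is accepted by the portal and rejected by the API, while the assertion naming both audiences is accepted by both until NotOnOrAfter.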