SAML: logging into the IdP from a service provider

The SP is an app which has its own auth mechanism and local identities; a user can log in to it directly.

Is there a way the SP can notify the IdP about the logged-in user, so that other SPs are logged in from the IdP (Salesforce)?

[SP1 (u1 logged in using sp1 database)] -> [idp (u1)]

[SP2 ] ---login req--> [idp(u1)] -> [SP2 (u1)]

The problem is that SP1 has a set of users which is not part of the IdP or the other SPs.

SP = Service provider

IDP = Identity provider


Not possible in the SAML protocol. Local identities at an SP cannot federate across the IdP or other SPs.

In order to federate the identities, the IdP has to receive the AuthnRequest from the SP (in the case of SP-initiated SSO), authenticate the user at the IdP and send the assertion to the SP. Thereby, it is only the IdP that can federate identities across SPs.
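The SP-initiated exchange the answer describes, as an added worked example (not code from the question, the answer or any product named on the page). It builds the AuthnRequest on the SP side, issues the Response with its Assertion on the IdP side, and then runs the checks an SP must make before trusting the identity: InResponseTo against its own outstanding request IDs, Issuer, Destination/Recipient, Audience and the validity window. The entity IDs, URLs and user names are made up for the example, and XML signatures, encryption and the HTTP bindings are omitted; a real SP must additionally verify the IdP's XML-DSig signature. The `demo()` function replays the question's scenario: `u1` exists at the IdP and federates, while SP1's local-only `u_local` gets an AuthnFailed status because the IdP never authenticated it, and a Response that does not answer one of SP2's own requests is rejected as unsolicited.

```python
"""Minimal SP-initiated SAML 2.0 SSO flow (constructed example, no signatures)."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_AUTHN_FAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"
TS = "%Y-%m-%dT%H:%M:%SZ"  # xsd:dateTime in UTC, second resolution


def _now():
    return datetime.now(timezone.utc).replace(microsecond=0)


def _parse_ts(s):
    return datetime.strptime(s, TS).replace(tzinfo=timezone.utc)


def _sub(parent, ns, tag, attrib=None, text=None):
    e = ET.SubElement(parent, f"{{{ns}}}{tag}", attrib or {})
    if text is not None:
        e.text = text
    return e


def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """SP side: create an AuthnRequest. Returns (request ID to remember, XML bytes)."""
    rid = "_" + secrets.token_hex(16)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": rid, "Version": "2.0", "IssueInstant": _now().strftime(TS),
        "Destination": idp_sso_url, "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"})
    _sub(root, SAML, "Issuer", text=sp_entity_id)
    return rid, ET.tostring(root)


def idp_issue_response(authn_request_xml, idp_entity_id, idp_directory, session_user, lifetime_s=300):
    """IdP side: assert only a user the IdP itself knows; anyone else gets AuthnFailed."""
    req = ET.fromstring(authn_request_xml)
    sp_entity_id = req.findtext("saml:Issuer", namespaces=NS)
    acs_url = req.get("AssertionConsumerServiceURL")
    now = _now()
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": now.strftime(TS),
        "InResponseTo": req.get("ID"), "Destination": acs_url})
    _sub(resp, SAML, "Issuer", text=idp_entity_id)
    code = _sub(_sub(resp, SAMLP, "Status"), SAMLP, "StatusCode")
    if session_user not in idp_directory:  # e.g. a user that exists only in SP1's database
        code.set("Value", STATUS_AUTHN_FAILED)
        return ET.tostring(resp)
    code.set("Value", STATUS_SUCCESS)
    expiry = (now + timedelta(seconds=lifetime_s)).strftime(TS)
    a = _sub(resp, SAML, "Assertion", {"ID": "_" + secrets.token_hex(16), "Version": "2.0",
                                       "IssueInstant": now.strftime(TS)})
    _sub(a, SAML, "Issuer", text=idp_entity_id)
    subj = _sub(a, SAML, "Subject")
    _sub(subj, SAML, "NameID", text=session_user)
    conf = _sub(subj, SAML, "SubjectConfirmation", {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    _sub(conf, SAML, "SubjectConfirmationData",
         {"InResponseTo": req.get("ID"), "Recipient": acs_url, "NotOnOrAfter": expiry})
    cond = _sub(a, SAML, "Conditions", {"NotBefore": now.strftime(TS), "NotOnOrAfter": expiry})
    _sub(_sub(cond, SAML, "AudienceRestriction"), SAML, "Audience", text=sp_entity_id)
    return ET.tostring(resp)


def sp_consume_response(response_xml, expected_idp, sp_entity_id, acs_url, outstanding):
    """SP side: validate the Response against our own request; return the NameID or raise."""
    resp = ET.fromstring(response_xml)
    rid = resp.get("InResponseTo")
    if rid not in outstanding:
        raise ValueError("unsolicited or replayed Response")
    outstanding.discard(rid)  # one-time use: a second copy of the same Response is a replay
    if resp.get("Destination") != acs_url:
        raise ValueError("Destination mismatch")
    if resp.findtext("saml:Issuer", namespaces=NS) != expected_idp:
        raise ValueError("Response not from the trusted IdP")
    code = resp.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    if code != STATUS_SUCCESS:
        raise ValueError(f"IdP did not authenticate the user: {code}")
    a = resp.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != expected_idp:
        raise ValueError("missing Assertion or wrong Assertion Issuer")
    now = _now()
    cond = a.find("saml:Conditions", NS)
    if not (_parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("Assertion outside its validity window")
    audiences = [x.text for x in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("Assertion not addressed to this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd.get("InResponseTo") != rid or scd.get("Recipient") != acs_url
            or now >= _parse_ts(scd.get("NotOnOrAfter"))):
        raise ValueError("SubjectConfirmationData does not match this SP's request")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)


def demo():
    """The question's scenario: the IdP knows u1; u_local lives only in SP1's database."""
    idp, sp2, acs = "https://idp.example/metadata", "https://sp2.example/metadata", "https://sp2.example/acs"
    outstanding, results = set(), {}
    for user in ("u1", "u_local"):
        rid, req = build_authn_request(sp2, acs, "https://idp.example/sso")
        outstanding.add(rid)
        resp = idp_issue_response(req, idp, {"u1"}, user)
        try:
            results[user] = sp_consume_response(resp, idp, sp2, acs, outstanding)
        except ValueError as e:
            results[user] = str(e)
    return results
```

Running `demo()` returns `u1` as the federated NameID for SP2, and an AuthnFailed error for `u_local`: there is no message in the protocol by which SP1 can hand the IdP an identity it did not authenticate, and SP2 only accepts an Assertion that the IdP issued in answer to SP2's own AuthnRequest.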

Link: http://www.djcxy.com/p/60116.html
