Liberty ID-FF Bindings and Profiles Specification - Liberty Alliance

More documents

Recommendations

Info

Liberty Alliance Project:Liberty ID-FF Bindings and Profiles SpecificationVersion: 1.2-errata-v2.0838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872• WML Redirect with GET...Contacting IdP. Please wait.........where:This element provides the host name, port number, and path components of the single sign-on service URL at theidentity provider.= ... ...A component MUST contain a single authentication request:A component MUST contain a single authentication request message inbase64-encoded form.3.2.2.1.2. Step 6: Redirecting to the Service ProviderIn step 6, the identity provider instructs the user agent to access the service provider’s assertion consumer serviceURL, and provides a SAML artifact for de-referencing by the service provider.This step may take place via an HTTP 302 redirect, a WML redirect deck or any other method that results in the useragent being instructed to make an HTTP GET or POST request to the service provider’s assertion consumer service.This response MUST adhere to the following rules:873874875876877878879880• The response MUST contain the service provider’s assertion consumer service URL (for example, as the Locationheader of an HTTP 302 redirect, the action attribute of an HTMLform or the href attribute of a elementin a WML redirect deck).• The service provider’s assertion consumer service URL MUST specify https as the URL scheme.Note:Future protocols may be adopted and enabled to work within this framework. Therefore, implementers areencouraged to not hardcode a reliance on https.• The response MUST include one of the following:Liberty Alliance Project24
Liberty Alliance Project:Liberty ID-FF Bindings and Profiles SpecificationVersion: 1.2-errata-v2.0881882883884885886887888• A component containing a parameter SAMLart, the value of which is the SAML artifact on successor on failure. In the case of failure, the status will be conveyed in the returned in Step 9.Additionally, if the processed in Step 5 included a value for the element, then a parameter named RelayState with a value set to that of the element MUSTbe included in the component.• An HTTP form containing the field LARES with the value of the SAML Artifact as defined in Section 3.2.2.2If a value for was supplied in the , then the form MUST contain afield RelayState, with a value obtained from that element in the .889890• All SAML artifacts returned MUST contain the same identity provider ID.Implementation examples:891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936• HTTP 302 Redirect 302 Location: https://?• HTML Form POST• WML Redirect with POST...Contacting IdP. Please wait.........Liberty Alliance Project25
Page 1 and 2: Liberty Alliance Project:Version: 1
Page 3 and 4: Liberty Alliance Project:Liberty ID
Page 23: Liberty Alliance Project:Liberty ID

Liberty ID-FF Bindings and Profiles Specification - Liberty Alliance

Create successful ePaper yourself

Delete template?

Save as template?