Liberty ID-FF Bindings and Profiles Specification - Liberty Alliance

Liberty Alliance Project:Liberty ID-FF Bindings and Profiles SpecificationVersion: 1.2-errata-v2.0User AgentService ProviderIdentity Provider1. Initiate Profile2. 302; Location: ? () 3. GET: ? 4. ProcessRequest5. 302; Location: ?7. Complete Profile6. GET: ?()1310131113121313131413151316131713181319Figure 6. Register Name Identifier Profile.In an example scenario, the service provider makes an to the identity provider for authenticationof the Principal’s User Agent (step 1). The identity provider effects an change in the service provider via a URL redirection. The profile is as follows:3.3.1.1.1. Step 1: Initiate ProfileThis interaction is not normatively specified as part of the profile, but shown for illustrative purposes.3.3.1.1.2. Step 2: Redirecting to the Service Provider Register Name Identifier ServiceIn step 2, the identity provider redirects the user agent to the register name identifier service at the service provider.The redirection MUST adhere to the following rules:13201321132213231324• The Location HTTP header MUST be set to the service provider’s register name identifier service URL.• The service provider’s register name identifier service URL MUST specify https as the URL scheme; if anotherscheme is specified, the identity provider MUST NOT redirect to the service provider.• The Location HTTP header MUST include a component containing the protocol message as defined in [LibertyProtSchema] with formatting as specified in Section 3.1.2.Liberty Alliance Project36