Propagating principal information to other SPs


César Bernardini
Hi,

I have a doubt regarding the following scenario:

Scenario: IdP, SP1 and SP2
IdP, SP1, SP2 belong to the same federation.

User authenticates using an SP-Initiated SSO passing through SP1 and IdP.

Even if the user never tried to access SP2, is there any way to propagate the 'principal' information to SP2? Or something like an artifact that SP2 can resolve afterwards?

I have seen that there is a profile to propagate Logout messages [0, 1]. I was wondering if it is possible to do something like this with Shibboleth?

Cheers,

[0] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.3.2.SP-Initiated%20Single%20Logout%20with%20Multiple%20SPs|outline
[1] https://issues.shibboleth.net/jira/browse/IDP-964