
List:       shibboleth-users
Subject:    RE: Shibboleth Authentication request flow
From:       Sathish Anickode <SAnickode () skytouchtechnology ! com>
Date:       2014-12-18 19:01:09
Message-ID: BL2PR08MB4675AF039AB5A893F9F3BD2C46A0 () BL2PR08MB467 ! namprd08 ! prod ! outlook ! com

Thanks! The below URLs were very informative and answered lots of my questions.

From: users-bounces@shibboleth.net [mailto:users-bounces@shibboleth.net] On Behalf Of David Gersic
Sent: Thursday, December 18, 2014 7:28 AM
To: Shib Users
Subject: Re: Shibboleth Authentication request flow


Shibboleth is an implementation of SAML. So if you understand how SAML works, you understand what Shibboleth is doing. Start here for basic SAML description:

http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

https://blog.surfnet.nl/?p=1417

________________________________
From: users-bounces@shibboleth.net <users-bounces@shibboleth.net> on behalf of Sathish Anickode <SAnickode@skytouchtechnology.com>
Sent: Wednesday, December 17, 2014 9:02 PM
To: Shib Users
Subject: Shibboleth Authentication request flow

I would like to understand how the authentication request flows between the user's browser, SP and IdP.

A user accesses a resource on an SP for the first time and since there is no associated authenticated session, a SAML request is sent to the IdP to authenticate the user. Since the user does not have an associated session on the IdP, does the IdP send back a SAML response requesting the user to be redirected to the login page? Can you please clarify how this interaction works?
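
For reference, the first leg of the flow asked about above (the SP sending the browser to the IdP with a SAML request), as an added example that is not part of the original thread: an AuthnRequest carried in the SAML 2.0 HTTP-Redirect binding, built on the SP side and decoded on the IdP side. The entity IDs, URLs and function names are constructed for illustration; request signing and signature checks are left out.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample values (hypothetical SP and IdP, not from the thread).
SP_ENTITY_ID = "https://sp.example.org/shibboleth"
SP_ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
IDP_SSO_URL = "https://idp.example.org/idp/profile/SAML2/Redirect/SSO"


def build_redirect_url(request_id, issue_instant, relay_state):
    """SP side: wrap an AuthnRequest in the HTTP-Redirect binding."""
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # Binding encoding: raw DEFLATE (no zlib header), base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    b64 = base64.b64encode(deflated).decode("ascii")
    query = urllib.parse.urlencode({"SAMLRequest": b64, "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"


def parse_redirect_url(url, max_xml_bytes=65536):
    """IdP side: decode the query string and pull out the fields it acts on."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, max_xml_bytes)  # cap the inflated size
    if not inflater.eof:
        raise ValueError("AuthnRequest is truncated or inflates past the limit")
    # Untrusted XML: production code should use a hardened parser here.
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        "relay_state": params.get("RelayState", [None])[0],
    }
```

The size cap on inflation matters because the `SAMLRequest` parameter arrives from the browser and is attacker-controllable before any signature is checked.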




