Subject: Use of Provider ID in Redirect-Artifact Profile
Hi all,
I need to verify my implementation and would appreciate any
feedback.
I have implemented Redirect-Artifact Profile for authentication.
1. Upon verification of credentials, the IDP does a redirect to the SP with a SAML Artifact.
2. During the redirect, the IDP drops a common domain cookie on the user's machine. The name of this cookie is the same as the 'ProviderID' in the SAML Artifact and its value is an identifier which can be resolved (by the SP) to get the IDP's Artifact Resolution Service?
Is this a correct approach? Is there any security issue here?
2b. Can I just put the value of the cookie as the URI of the IDP's Artifact Resolution Service? This would save a step to resolve the IDP's identifier.
Is there any restriction as to what value the cookie can have?
Thanks in advance!
=kunal
+contact: http://public.xdi.org/=kunal