This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
In [SAML] the [Service providers|SP] need a way to determine which [Identity Provider (IDP)] in a [Circle of Trust] is used by a principal requesting [authentication].
Because [Circles of Trust|Circle of Trust] are configured without regard to their location, this function must work across DNS-defined domains. A [Common Domain] is configured, and a common domain cookie written, for this purpose.
The common domain cookie provides this [Discovery Mechanism].
Let's suppose a [Circle of Trust] contains more than one [Identity Provider (IDP)]. In this case a [service provider|SP] trusts more than one [Identity Provider (IDP)], so when a principal needs authentication, the [service provider|SP] with which the principal is communicating must have a means of determining the correct [Identity Provider (IDP)].
To ascertain a principal's [Identity Provider (IDP)], the [service provider|SP] invokes a protocol exchange to retrieve the [Common Domain] cookie, a cookie written for the purpose of introducing the [Identity Provider (IDP)] to the [service provider|SP]. If no common domain cookie is found, the [service provider|SP] presents a list of trusted [Identity Providers|Identity Provider (IDP)] from which the principal can choose. After successful authentication, the [Identity Provider (IDP)] writes a common domain cookie (using the configured Writer Service URL) and, the next time the principal attempts to access a service, the [service provider|SP] finds and reads the common domain cookie (using the configured Reader Service URL) to determine the [Identity Provider (IDP)].
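The following Python example, added here and not part of the original page or of any particular SAML product, shows the two halves of the exchange described above: what the Writer Service does after a successful authentication, and how the reader side of a [service provider|SP] selects an [Identity Provider (IDP)] from the cookie (falling back to its own IdP list when nothing usable is found). It assumes the cookie format of the SAML 2.0 Identity Provider Discovery Profile (cookie name `_saml_idp`, value a URL-encoded, space-separated list of base64-encoded IdP entity IDs, most recently used last). The entity IDs, the `MAX_ENTRIES` cap and the `set_cookie_header` helper are constructed for illustration.

```python
"""Common domain cookie handling (example code, not from the original page).

Format assumed: SAML 2.0 IdP Discovery Profile, cookie "_saml_idp" whose value
is a URL-encoded, space-separated list of base64-encoded IdP entity IDs,
most recently used IdP last.
"""
import base64
from typing import List, Optional, Set
from urllib.parse import quote, unquote

COOKIE_NAME = "_saml_idp"  # cookie name defined by the discovery profile
MAX_ENTRIES = 10           # hypothetical cap so the cookie stays bounded


def _encode_entity_id(entity_id: str) -> str:
    return base64.b64encode(entity_id.encode("utf-8")).decode("ascii")


def _decode_entity_id(token: str) -> Optional[str]:
    """Strict base64 decode; anything malformed is rejected rather than guessed."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def parse_cookie_value(value: str) -> List[str]:
    """Return the decoded entity IDs, oldest first. Malformed tokens are dropped."""
    if not value:
        return []
    ids: List[str] = []
    for token in unquote(value).split(" "):
        if not token:
            continue
        entity_id = _decode_entity_id(token)
        if entity_id is not None:
            ids.append(entity_id)
    return ids


def writer_service_update(existing_value: str, idp_entity_id: str) -> str:
    """What the IdP's Writer Service does after successful authentication:
    record this IdP as the most recent entry, removing an older duplicate."""
    ids = [e for e in parse_cookie_value(existing_value) if e != idp_entity_id]
    ids.append(idp_entity_id)
    ids = ids[-MAX_ENTRIES:]
    # quote(..., safe="") percent-encodes the separating spaces (and '+', '/', '=')
    return quote(" ".join(_encode_entity_id(e) for e in ids), safe="")


def reader_service_select(cookie_value: str, trusted_idps: Set[str]) -> Optional[str]:
    """What the SP does with the value obtained via the Reader Service URL:
    pick the most recently used IdP, but only one inside this SP's Circle of
    Trust. None means the SP should present its list of trusted IdPs instead."""
    for entity_id in reversed(parse_cookie_value(cookie_value)):
        if entity_id in trusted_idps:
            return entity_id
    return None


def set_cookie_header(value: str, common_domain: str) -> str:
    """Set-Cookie header the Writer Service would emit (constructed example;
    Secure follows the profile, HttpOnly is a defensive choice)."""
    return (f"{COOKIE_NAME}={value}; Domain={common_domain}; Path=/; "
            f"Secure; HttpOnly")


if __name__ == "__main__":
    # Constructed sample entity IDs for a Circle of Trust with two IdPs.
    IDP_A = "https://idp-a.example/saml"
    IDP_B = "https://idp-b.example/saml"

    # First visit: no cookie yet, so the SP must show its IdP list.
    print("first visit ->", reader_service_select("", {IDP_A, IDP_B}))

    # Principal authenticates at IdP A, then later at IdP B.
    cookie = writer_service_update("", IDP_A)
    cookie = writer_service_update(cookie, IDP_B)
    print(set_cookie_header(cookie, "common.example"))
    print("history ->", parse_cookie_value(cookie))

    # SP trusting both picks the most recent; SP trusting only A still gets A.
    print("trusts both ->", reader_service_select(cookie, {IDP_A, IDP_B}))
    print("trusts A only ->", reader_service_select(cookie, {IDP_A}))
```

The check in `reader_service_select` is the point a practitioner should not skip: the cookie is only a hint, so an SP must never redirect to an IdP that is not in its own trust configuration just because the cookie names it.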
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]