...

As a multi-protocol system, the SP itself is oblivious to specific management protocols; each handler provides the implementation of a particular protocol.

The only implementation available is for the SAML2 protocol.

SAML2

The SAML 2.0 NameID management handler implements the SAML 2.0 Browser NameID management profile. The incoming message must be a <samlp:ManageNameIDRequest>. SP-initiated management is not currently supported.

If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:ManageNameIDResponse> containing the error.

  1. The information in the request is verified against the active session.
  2. The back-channel application notification loop is executed.
  3. <samlp:ManageNameIDResponse> is returned to the requesting IdP.

If the message is a request via a back-channel binding, then the following steps are performed:

  1. The back-channel application notification loop is executed.
  2. <samlp:ManageNameIDResponse> is returned to the requesting IdP.

The following Binding values are supported:

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP
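
The following sketch models the two processing paths described above. It is an added example, not code from the SP. The function name `handle_request`, the session dictionary layout, the `notify` callback, and the treatment of SOAP as the only back-channel binding are assumptions; signature and message authentication are not modelled.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Assumption: of the bindings the page lists, only SOAP is back-channel.
FRONT = {B + s for s in ("HTTP-Redirect", "HTTP-POST", "HTTP-POST-SimpleSign", "HTTP-Artifact")}
BACK = {B + "SOAP"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"

# Constructed sample request (signature omitted; values are made up).
SAMPLE = f"""<samlp:ManageNameIDRequest xmlns:samlp="{P}" xmlns:saml="{A}"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:NameID>old-id-123</saml:NameID>
  <samlp:NewID>new-id-456</samlp:NewID>
</samlp:ManageNameIDRequest>"""


def handle_request(xml_text, binding, session, notify):
    """Return (status URI for the ManageNameIDResponse, steps performed)."""
    steps = []
    if binding not in FRONT | BACK:
        return REQUESTER, steps
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{P}}}ManageNameIDRequest":
        return REQUESTER, steps
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.findtext("saml:NameID", namespaces=NS)
    new_id = root.findtext("samlp:NewID", namespaces=NS)
    terminate = root.find("samlp:Terminate", NS) is not None
    if name_id is None or (new_id is None and not terminate):
        return REQUESTER, steps
    if binding in FRONT:
        # Front-channel only: the request must match the active session.
        # Assumption: "matching" means same issuing IdP and same NameID value.
        if not session or (session["idp"], session["name_id"]) != (issuer, name_id):
            return REQUESTER, steps
        steps.append("verified")
    # Both channels: run the application notification loop (a callback here).
    notify(name_id, new_id, terminate)
    steps.append("notified")
    return SUCCESS, steps
```

A mismatched or missing session on a front-channel binding stops processing before any application is notified, while the SOAP path proceeds without a session because no browser is involved.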

...