javafoot

Reputation: 11

SAML redirects each SP request to IDP for checking authentication after successful IDP authentication?

This article shows the process of SAML authentication the first time: https://developers.google.com/google-apps/sso/saml_reference_implementation

My app is currently compliant with it. But the request is redirected to the IDP for authentication when a user clicks links on a page provided by the SP. A user can clearly see the IDP URL in the address bar, and it feels slow.

My Case: SP is located on Jetty, IDP is located on Jboss6.2, they are all behind Apache using the same domain name.

I am using picketlink2.6 with SAML POST binding.

I want to know if:

  1. This is what SAML is designed for?
  2. I should stop this redirection to IDP, and only check the authentication on the local SP? I feel this disadvantage is evident -- App A can't know a user is logged out when the user logged out in App B.
  3. How to speed up the redirection?

Upvotes: 0

Views: 581

Answers (1)

Anders Abel

Reputation: 69260

  1. No, SAML is meant to be used to authenticate the initial request. Then you should establish a session in the SP application. This is normally done by a session authentication cookie.
  2. If you need that, there is support in the SAML standard for Single Logout, which will make sure that a logout terminates all sessions in all SPs and in the IdP.
  3. You won't have to if it only occurs the first time.

Upvotes: 1
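The pattern the answer describes (authenticate once through the IdP, then decide every later request from a local SP session, with Single Logout clearing that session) is sketched below as an added example; it is not code from the thread and not PicketLink's API. The class `SpSessionGate`, its method names, the 30-minute lifetime and the sample values are assumptions made for illustration, using only the JDK (Java 16+).

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical SP-side session gate; models the decision a servlet filter would make.
public class SpSessionGate {
    enum Decision { SERVE_LOCALLY, REDIRECT_TO_IDP }
    record Session(String subject, String sessionIndex, Instant expiresAt) {}

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl = Duration.ofMinutes(30); // assumed local session lifetime

    // Call once, after the SAML response POSTed by the IdP has been validated.
    // Returns the opaque value to set as a Secure, HttpOnly session cookie.
    String onAssertionConsumed(String subject, String sessionIndex, Instant now) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String cookie = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(cookie, new Session(subject, sessionIndex, now.plus(ttl)));
        return cookie;
    }

    // Later requests are decided locally; the IdP is contacted only without a valid session.
    Decision decide(String cookie, Instant now) {
        Session s = (cookie == null) ? null : sessions.get(cookie);
        if (s == null) return Decision.REDIRECT_TO_IDP;
        if (!now.isBefore(s.expiresAt())) {
            sessions.remove(cookie); // expired: forget it and re-authenticate
            return Decision.REDIRECT_TO_IDP;
        }
        return Decision.SERVE_LOCALLY;
    }

    // Single Logout: drop every local session tied to the SessionIndex in the LogoutRequest.
    void onSingleLogout(String sessionIndex) {
        sessions.values().removeIf(s -> s.sessionIndex().equals(sessionIndex));
    }

    public static void main(String[] args) {
        SpSessionGate gate = new SpSessionGate();
        Instant t0 = Instant.parse("2024-01-01T10:00:00Z"); // constructed sample values
        System.out.println("no cookie:    " + gate.decide(null, t0));
        String cookie = gate.onAssertionConsumed("alice", "idx-1", t0);
        System.out.println("after login:  " + gate.decide(cookie, t0.plusSeconds(60)));
        gate.onSingleLogout("idx-1");
        System.out.println("after logout: " + gate.decide(cookie, t0.plusSeconds(120)));
    }
}
```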
