Reputation: 1056
OK, so my system is a SAML2 SP. We have tested it on SSOCircle (a public SAML IdP test harness) and it works.
Now we're trying to set it up with a customer (who is an IdP). My question is: if we're doing IdP-initiated SSO, does the IdP need to be visible to the SP? (The IdP is not accessible via the web.) Or does it not matter, so long as the IdP can post to the SP? (The SP is publicly visible.)
My assumption is it doesn't. Correct?
Upvotes: 0
Views: 281
Reputation: 2273
It really depends on the binding you're using. If you're using the POST binding, then indeed all communication between the IdP and the SP goes through the browser, and the IdP and SP don't need to communicate directly.
This is not the case with the Artifact binding, where the SP needs to fetch the token from the IdP.
Upvotes: 1
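To make the difference between the two bindings concrete, here is an added Python example that is not part of the original question or answer. It models the SP side only: under the HTTP-POST binding the browser delivers the whole SAML Response in the form body, so the SP parses it locally and never opens a connection to the IdP; under the HTTP-Artifact binding the form carries only an artifact and the SP must call the IdP's ArtifactResolutionService over a back channel, which fails if the IdP is not routable from the SP. The SP ACS URL, IdP entity ID, metadata dictionary, sample Response XML and the `transport` stand-ins are all constructed for this example; signature verification is deliberately left out and a real SP must perform it on every Response.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

SP_ACS_URL = "https://sp.example.test/saml/acs"        # constructed: the SP's public ACS endpoint
IDP_ENTITY_ID = "https://idp.customer.internal/saml"   # constructed: the customer's internal IdP

# Constructed IdP metadata excerpt: only the artifact binding needs the ArtifactResolutionService.
IDP_METADATA = {
    "entityID": IDP_ENTITY_ID,
    "ArtifactResolutionService": "https://idp.customer.internal/saml/artifact",
}

# Constructed, unsigned SAML Response as the IdP would produce it for IdP-initiated SSO.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{SP_ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def parse_response(xml_bytes, expected_acs, trusted_issuers):
    """Checks every SP should do regardless of binding (XML-DSig verification omitted here)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    # Destination must be this SP's own ACS URL, otherwise a Response meant for another SP is being replayed.
    if root.get("Destination") != expected_acs:
        raise ValueError("Destination does not match this SP's ACS URL")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted issuer {issuer!r}")
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    name_id = root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    return {"issuer": issuer, "status": status, "name_id": name_id}


def encode_post_form(xml_text):
    """What the browser's auto-submitted form carries under the HTTP-POST binding."""
    return {"SAMLResponse": base64.b64encode(xml_text.encode()).decode()}


def handle_post_binding(form):
    """HTTP-POST binding: the full Response arrives via the browser; no outbound call to the IdP."""
    xml_bytes = base64.b64decode(form["SAMLResponse"])
    result = parse_response(xml_bytes, SP_ACS_URL, {IDP_ENTITY_ID})
    result["idp_contacted"] = False
    return result


def handle_artifact_binding(form, idp_metadata, transport):
    """HTTP-Artifact binding: the browser delivers only SAMLart; the SP resolves it at the IdP."""
    endpoint = idp_metadata["ArtifactResolutionService"]
    # The back-channel SOAP ArtifactResolve exchange; `transport` stands in for the HTTP client.
    xml_bytes = transport(endpoint, form["SAMLart"])
    result = parse_response(xml_bytes, SP_ACS_URL, {idp_metadata["entityID"]})
    result["idp_contacted"] = True
    return result


def unreachable_transport(endpoint, artifact):
    """Stand-in for an SP that has no network route to the internal IdP."""
    raise ConnectionError(f"no route from SP to {endpoint}")


def reachable_transport(endpoint, artifact):
    """Stand-in for a working back channel: the IdP hands back the Response for the artifact."""
    return SAMPLE_RESPONSE_XML.encode()


if __name__ == "__main__":
    print("POST binding:", handle_post_binding(encode_post_form(SAMPLE_RESPONSE_XML)))
    try:
        handle_artifact_binding({"SAMLart": "constructed-artifact"}, IDP_METADATA, unreachable_transport)
    except ConnectionError as e:
        print("Artifact binding with an unreachable IdP:", e)
```

The practical consequence for the question asked: with the POST binding the SP only needs an inbound path from the user's browser, and the IdP only needs to be reachable by that same browser; with the Artifact binding the SP additionally needs egress to the IdP's ArtifactResolutionService, which the constructed `unreachable_transport` shows failing before any assertion can be examined.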