users@glassfish.java.net

Re: OpenSSO, SAML, Cross Domain SSO, and Cookies

From: Major Péter <majorpetya_at_sch.bme.hu>
Date: Wed, 17 Mar 2010 00:20:15 +0100

Hi,

you most probably asked this question on the wrong forum, but here is what
I got from a fellow colleague of mine, who has an understanding of SAML
and OpenSSO:
The second SP sends a SAML request to the IdP, like the first one did, but
it's going to reuse the existing session and won't give you a login form.
So it's going to use
urn:oasis:names:tc:SAML:2.0:ac:classes:previous-session.

I hope this helps.

Regards,
Peter

On 2010-03-16 22:43, glassfish_at_javadesktop.org wrote:
> The OpenSSO documentation says that in order to support SSO across domains, you must use something like SAML (or CDSSO) since cookie based methods only work within a domain. How does this scenario work:
> 1. User accesses SP app.
> 2. User is redirected to Identity Provider, authenticated, session created, etc. and redirected back to SP app.
> 3. User then accesses another SP app in another domain that is within the circle of trust.
> Since there is no accessible cookie at the client browser since they came from another domain, how is the second app supposed to lookup the user's existing session with no identifying information?
> [Message sent by forum member 'ssoforum' (chrissie.n.childers_at_lmco.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=392239