One common trick used to achieve SSO
with browser-based applications consists of saving a special
cookie upon successful authentication. All subsequent applications
will just verify the presence of such a cookie and avoid
prompting the user for credentials if they find it. Unfortunately,
the trick doesn't work across domains. An application belonging
to a certain domain cannot read cookies written by applications
running on another domain. This simple fact prevented companies
from using the cookie method for achieving SSO with business
partner websites. As a result, many different (and
incompatible) technologies were devised for addressing the
issue.
The SAML solution to the problem entails the creation of an
authority, called the SAML authority or asserting party (AP),
which can state security assertions regarding a principal. An
example of such an assertion may be "Alice is a principal in my
realm, and she just successfully logged in using username/password
as credentials." Such an assertion can be presented by
Alice while she tries to gain access to a service offered by another
realm. The target service, known in the SAML schema as
the relying party (RP), can use the assertion for acquiring information
about Alice and, depending on whether it trusts the AP
and on the local authorization policies, can make an informed
decision about granting or denying access to Alice.
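As an added illustration of the RP-side decision described above (example code, not from the original text), the routine below checks a constructed SAML 2.0 assertion against a list of trusted APs, its validity window and its audience before granting access. The AP/RP URLs, the sample assertion and the function names are assumptions; verification of the XML signature with the AP's key is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the original text): the AP at ap.example.com
# states that "alice" authenticated with a password, addressed to the RP at rp.example.net.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://ap.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://rp.example.net</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:50Z">
    <saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

TRUSTED_APS = {"https://ap.example.com"}      # assumed: APs this RP has a trust relationship with
MY_ENTITY_ID = "https://rp.example.net"       # assumed: this RP's own entity ID

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate_assertion(xml_text, now_str, trusted_aps=TRUSTED_APS, audience=MY_ENTITY_ID):
    """Return (decision, reason) for an assertion whose XML signature has ALREADY been
    verified against the issuing AP's key; an unsigned assertion must never reach here."""
    now = _ts(now_str)
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_aps:                      # do we trust this AP at all?
        return ("deny", f"untrusted AP {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return ("deny", "no Conditions element")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return ("deny", "assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:                      # assertion meant for a different RP
        return ("deny", "assertion not addressed to this RP")
    if root.find("saml:AuthnStatement", NS) is None:   # AP must actually state that a login happened
        return ("deny", "no authentication statement")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return ("grant", f"{subject} authenticated by {issuer}")
```

Local authorization policy (what Alice may do once admitted) is a separate decision layered on top of the "grant" result.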