why is SAML based on browser

回眸只為那壹抹淺笑 提交于 2020-01-13 08:06:53

问题


I am studying SAML and SSO, and it looks like the application that use SAML need to be a web application and relying on a browser.

Can anybody tell me why?

My limited knowledge of SAML tells me that SAML relies on session and cookie, which is not available in desktop application or mobile app. Is that the only reason? Can you give me more details about this?


回答1:


Well you are partly wrong. There are different access profiles for SAML2. Web browser Single Sign On is probably the most widely used one. It's based on redirects and as name suggest, it needs browser. You can use for example ECP (Enhanced Client or Proxy) profile for command line clients. Sample implementations in different languages are available on Shibboleth Contribution Sites and ECP profile page

Check OASIS documentation for further details


Edit1:

I don't know why are you assuming that I am less lazy than you;)

Here is brief description of ECP profile. In general you should be able to obtain Assertion from IdP and then feed SP with it, without redirections. Unfortunately I don't have much experience with using ECP profile (yet). I am only familiar with the theory.



来源:https://stackoverflow.com/questions/11462938/why-is-saml-based-on-browser

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!