9 Feb 2010, 3:42 p.m.
Joost Van Dijk wrote on 2010-02-09:
In this scheme, a user presenting an OpenID URL like
https://openid.surfnet.nl/myuniversity/john
would be redirected by the RP first to our gateway, then to the SAML IDP mapped from 'myuniversity', where the user needs to authenticate as 'john'. After returning on the gateway, before being sent back to the RP, it is checked that it was actually john who logged in.
Ok, so your gateway is basically creating OpenIDs that facilitate mapping. I was wondering also what the opposite direction looked like. How do your (originally SAML) RPs handle OpenID users? Do they get EPPNs? SAML NameIDs? Handle both types of IDs?

-- Scott
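The return-leg check from the quoted scheme ("it is checked that it was actually john who logged in"), as an added example that is not code from the gateway or from either poster. The `IDP_MAP` contents, the entityID, the allowed username characters, and the verbatim comparison against the asserted subject are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

GATEWAY_HOST = "openid.surfnet.nl"  # host taken from the quoted example URL
# Hypothetical mapping: first path segment -> SAML IdP entityID (constructed value).
IDP_MAP = {"myuniversity": "https://idp.myuniversity.example/saml"}
# Assumed username alphabet; anything else (including %-escapes) is rejected, not normalized.
SEGMENT = re.compile(r"[a-z0-9][a-z0-9._-]*")


class ClaimError(ValueError):
    """The claimed OpenID URL is not an acceptable gateway identifier."""


def parse_claimed_id(url):
    """Split https://<gateway>/<idp>/<user> into (idp_key, user), refusing ambiguous forms."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != GATEWAY_HOST:
        raise ClaimError("identifier is not on the gateway")
    if parts.port not in (None, 443) or parts.username or parts.password:
        raise ClaimError("unexpected port or userinfo")
    if parts.query or parts.fragment:
        raise ClaimError("query or fragment not allowed")
    segments = parts.path.split("/")
    if len(segments) != 3:  # exactly ['', idp, user]
        raise ClaimError("path must be /<idp>/<user>")
    idp_key, user = segments[1], segments[2]
    if not SEGMENT.fullmatch(idp_key) or not SEGMENT.fullmatch(user):
        raise ClaimError("illegal characters in identifier")
    if idp_key not in IDP_MAP:
        raise ClaimError("no IdP mapped for this prefix")
    return idp_key, user


def verify_return(claimed_url, assertion_issuer, assertion_subject):
    """True only if the SAML assertion came from the mapped IdP AND names the claimed user.

    Both conditions matter: checking only the subject would let a 'john' at a
    different federated IdP assert https://.../myuniversity/john.
    """
    idp_key, user = parse_claimed_id(claimed_url)
    return assertion_issuer == IDP_MAP[idp_key] and assertion_subject == user


if __name__ == "__main__":
    url = "https://openid.surfnet.nl/myuniversity/john"
    print(verify_return(url, IDP_MAP["myuniversity"], "john"))     # matching login
    print(verify_return(url, IDP_MAP["myuniversity"], "mallory"))  # other user, same IdP
```

The issuer and subject passed to `verify_return` must come from an assertion whose signature has already been validated; this block covers only the identifier-binding step.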