A Combined SAML-X.509 Architecture

Architectural highlights include:

  • Lightweight SAML Web Browser SSO on the front channel
  • IdP Proxy issues X.509-bound SAML authorization tokens on the back channel
  • 100% push technology eliminates heavyweight query and SOAP
  • Centralized attribute and policy stores

...

Identity Management components are shown in purple in the diagram.

...

SAML Web Browser SSO

A browser user makes an authentication request to a SAML Identity Provider (IdP). The IdP authenticates the user and issues a SAML authentication token (an assertion) containing 1) a persistent, non-reassignable identifier for the user, and 2) an authentication context, i.e., a representation of the act of authentication at the IdP. The browser user presents the authentication token, over the front channel, to a web portal (or other cyberinfrastructure) protected by a SAML Service Provider (SP). The SP validates the token (signature, issuer, audience and validity window), consumes the assertion, and populates a local security context with the resulting security information.
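The SP-side half of that exchange, as an added example that is not code from this page or from any SAML implementation it describes. It checks the parts of a bearer assertion an SP must check before trusting it (issuer, validity window with clock skew, audience, bearer confirmation bound to the SP's endpoint, persistent NameID format, authentication context) and returns the local security context. The entity IDs, endpoint URL, NameID value and timestamps are constructed for the example; the XML signature check, which comes first in a real SP, is assumed to have been done upstream because the standard library has no XMLDSig.

```python
"""SP-side consumer for a SAML 2.0 Web Browser SSO assertion (stdlib only)."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion: entity IDs, endpoint and NameID are invented,
# no real IdP issued it, and the ds:Signature element is omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee01" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        NameQualifier="https://idp.example.org/idp"
        SPNameQualifier="https://sp.example.org/sp">a3c9f0e2b7d14e5f</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
          Recipient="https://sp.example.org/sp/SAML2/POST"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:30Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:55Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

# Hypothetical SP configuration (assumed values, not from the page).
SP_CONFIG = {
    "issuer": "https://idp.example.org/idp",
    "audience": "https://sp.example.org/sp",
    "recipient": "https://sp.example.org/sp/SAML2/POST",
}
SAMPLE_NOW = datetime(2024, 1, 1, 12, 1, 0, tzinfo=timezone.utc)   # inside window
EXPIRED_NOW = SAMPLE_NOW + timedelta(minutes=10)                     # past NotOnOrAfter


class SamlValidationError(Exception):
    """Raised when the SP must reject the assertion."""


def _ts(value):
    """Parse a SAML xs:dateTime in UTC ('Z' suffix) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def consume_assertion(xml_text, issuer, audience, recipient, now,
                      skew=timedelta(seconds=60)):
    """Validate a bearer assertion and return the SP's local security context.

    Assumes the enclosing Response's XML signature was already verified
    against the IdP's metadata key (e.g. with an XMLDSig library); without
    that, every field below is attacker-controlled.
    """
    a = ET.fromstring(xml_text)
    if a.tag != f"{{{NS['saml']}}}Assertion":
        raise SamlValidationError("not a SAML 2.0 Assertion")
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise SamlValidationError("unexpected Issuer")

    # Conditions: validity window (with clock skew) and audience restriction.
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("missing Conditions")
    if now + skew < _ts(cond.get("NotBefore")) or now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise SamlValidationError("assertion not addressed to this SP")

    # Subject: persistent identifier plus a bearer confirmation for this endpoint.
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        raise SamlValidationError("NameID is missing or not persistent")
    scd = None
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != recipient:
        raise SamlValidationError("no bearer confirmation for this endpoint")
    if now - skew >= _ts(scd.get("NotOnOrAfter")):
        raise SamlValidationError("bearer confirmation expired")

    # Authentication context: how the IdP authenticated the user.
    stmt = a.find("saml:AuthnStatement", NS)
    ctx = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS) if stmt is not None else None
    if not ctx:
        raise SamlValidationError("missing authentication context")

    # A production SP also records the assertion ID to reject replays; omitted here.
    return {
        "assertion_id": a.get("ID"),
        "issuer": issuer,
        "subject": name_id.text,
        "subject_qualifiers": (name_id.get("NameQualifier"), name_id.get("SPNameQualifier")),
        "authn_context": ctx,
        "authn_instant": _ts(stmt.get("AuthnInstant")),
    }


def rejection_reason(xml_text, now, **overrides):
    """Return why the SP would reject the assertion, or None if it accepts it."""
    params = dict(SP_CONFIG, **overrides)
    try:
        consume_assertion(xml_text, now=now, **params)
    except SamlValidationError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(consume_assertion(SAMPLE_ASSERTION, now=SAMPLE_NOW, **SP_CONFIG))
    print(rejection_reason(SAMPLE_ASSERTION, EXPIRED_NOW))
```

The audience and Recipient checks are what stop an assertion issued for one SP from being replayed at another; the persistent-format check is what lets the SP key local accounts on the identifier the page describes.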

...