The stumbling when I was selecting my IDP from the SAML RP (the Internet2 Wiki) illustrates one issue with this model versus that of OpenID. But, what wasn't shown was that the Wiki set a cookie capturing my choice of IDP so that, on subsequent visits, I'd get immediately directed to ProtectNetwork.org without having to manually select/indicate my IDP. Trade-offs all around.
Note to self: cookies are the bane of creating demos of SSO operations, they often hide exactly that which you want to make explicit.
Tags:
No comments:
Post a Comment