•This
is the end of my introduction to SAML.
•There
is much more to learn. For example:
–How does a SP
determine which IdP to use (identity discovery profile)?
–Recall that in the SSO profile, the SP encodes his authentication
request. How is that encoding done?
–We only examined one
of thirteen profiles. How do the other
twelve profiles work? For example, how does the Single Logout
(SLO) profile work?
–IdP proxies - an IdP may receive a authentication request and doesn't
have the requested
authentication information, but knows of another IdP that does; so the first IdP can act as a "proxy" to
the second IdP.