English 中文(简体)
2. 使用SSO和Shibboleth2.0的一般问题——从IdP到SP的属性
原标题:General question for using SSO and Shibboleth 2.0 - passing attributes from IdP to SP

I have been reading up on using Shibboleth 2.0 as a Single Sign On technique. One confusion I have is whether it is possible for the Identity Provider (IdP) to send back to Service provider (SP) an email attribute that can indicate to the web app exactly Who is logging in.

例如,如果用户Joe被指示在IdP登记(用户/护照等),并用电子邮件登记Joe@acme.com,而我的申请可以独一无二地识别Joe@acme.com,那么,IdP的认证答复可以表明:1) 是的,此人说是谁,2)他的电子邮件是joe@acme.com。

在什叶派联合会中,SSO似乎的一个主要优势是,申请不必知道anyth涉及Joe在IdP选择的特定用户名和密码。 情况如何? 如果是的话,这种设计是好的,或者建立这种制度的风险和考虑是什么。

如果是而不是良好设计,那么共同选择是什么?

在我的申请中,我落后于SSL,我所有的电子邮件都是众所周知和独特的。 感谢。

最佳回答
问题回答

暂无回答




相关问题
ajax login using httpRequest?

I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...

Remotely authenticating client Windows user on demand

Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the ...

Role/Permission based forms authorizing/authentication?

While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User....

热门标签