Standard - No way of doing IdP initiated login defined

Issue #601 resolved
Nat Sakimura created an issue

Currently, we do not have a standardized way of doing IdP initiated login.

Comments (8)

  1. John Bradley

    To get this to work the id_token needs to indicate that it is an IdP-initiated login and have some relay state parameter so the RP knows what the landing page is.

    The problem is that the client needs to know to ignore state and nonce.

  2. Brian Campbell

    I believe it's very important that connect provide a fully standardized/documented way to do IdP init SSO.

  3. Michael Jones

    The WG agrees that this is important to specify. Many cloud use cases will expect to be able to do this - especially because it's possible in SAML.

    A pre-existing relationship with the client may be necessary. Related questions that would have to be solved are what client_id to use and what relay state to provide. Out-of-band registration may be necessary.

  4. John Bradley

    Re #601: changed initiate_login_uri to match Connect parameter usage. Account Chooser passes things in a JSON object on the callback; it is the client JS that POSTs them back to the client, so that may as well use our naming.

    → <<cset 3e30d4a6ef3e>>
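The thread above leaves open what a client actually does when an OP calls its initiate_login_uri. The following is an added example, not code from this issue, the working group, or any library. It implements a relying party's initiate_login_uri handler using the parameter names the final OpenID Connect Core 1.0 text settled on for third-party-initiated login (iss, login_hint, target_link_uri); everything else (the RelyingParty class, the registered-OP table, the constructed example.com/example.net endpoints) is illustrative. It addresses the three points raised in the comments: the client_id comes from out-of-band registration keyed by issuer, the "relay state" (target_link_uri) is allowlisted so the endpoint cannot be used as an open redirector, and because the RP starts an ordinary authorization request it mints and later verifies its own state and nonce.

```python
# Added example, not code from the OpenID Connect specs, this issue thread or
# any library: a relying party's handler for third-party-initiated login,
# following the parameter names OpenID Connect Core 1.0 section 4 settled on
# (iss, login_hint, target_link_uri). Class and variable names are illustrative.
import secrets
from urllib.parse import urlencode, urlsplit


class InitiateLoginError(Exception):
    """Request to initiate_login_uri (or the later callback) was rejected."""


class RelyingParty:
    def __init__(self, known_ops, redirect_uri, landing_hosts, default_landing):
        # known_ops: issuer -> (client_id, authorization_endpoint). Each OP that
        # may start a login is registered out of band, which also answers
        # "what client_id to use": the one that OP issued to this RP.
        self.known_ops = known_ops
        self.redirect_uri = redirect_uri
        self.landing_hosts = frozenset(landing_hosts)
        self.default_landing = default_landing
        # state -> pending request; a real RP keeps this in the user's session.
        self.pending = {}

    def target_allowed(self, target_link_uri):
        # target_link_uri is the "relay state" carrying the landing page. It is
        # attacker-influenced, so allowlist scheme and host (and refuse URLs
        # with userinfo) rather than redirecting wherever it points.
        u = urlsplit(target_link_uri)
        return (u.scheme == "https" and u.username is None
                and u.hostname in self.landing_hosts)

    def handle_initiate_login(self, params):
        """Handle a request to initiate_login_uri; return the authorization URL."""
        iss = params.get("iss")
        if iss not in self.known_ops:
            raise InitiateLoginError("unknown or missing iss")
        target = params.get("target_link_uri")
        if target is None:
            target = self.default_landing
        elif not self.target_allowed(target):
            raise InitiateLoginError("target_link_uri not allowlisted")
        client_id, authorization_endpoint = self.known_ops[iss]
        # The RP starts an ordinary authorization request, so it mints its own
        # state and nonce and verifies them on the way back as usual.
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self.pending[state] = {"iss": iss, "nonce": nonce, "target": target}
        query = {
            "response_type": "code", "scope": "openid", "client_id": client_id,
            "redirect_uri": self.redirect_uri, "state": state, "nonce": nonce,
        }
        if params.get("login_hint"):
            query["login_hint"] = params["login_hint"]
        return authorization_endpoint + "?" + urlencode(query)

    def complete_login(self, state, id_token_claims):
        """Finish the login at redirect_uri; return the landing page.

        id_token_claims are the claims of an ID Token whose signature has
        already been verified (the code-for-token exchange is omitted here).
        """
        entry = self.pending.pop(state, None)  # state is single use
        if entry is None:
            raise InitiateLoginError("unknown state")
        client_id, _ = self.known_ops[entry["iss"]]
        if id_token_claims.get("iss") != entry["iss"]:
            raise InitiateLoginError("ID Token iss does not match the OP that started login")
        if id_token_claims.get("nonce") != entry["nonce"]:
            raise InitiateLoginError("nonce mismatch")
        aud = id_token_claims.get("aud")
        aud = [aud] if isinstance(aud, str) else (aud or [])
        if client_id not in aud:
            raise InitiateLoginError("client_id not in aud")
        return entry["target"]


# Constructed demo data; these are not real endpoints.
DEMO_OPS = {"https://op.example.com": ("rp-client-123", "https://op.example.com/authorize")}
DEMO_RP = RelyingParty(DEMO_OPS, "https://rp.example.net/cb",
                       ["rp.example.net"], "https://rp.example.net/home")

if __name__ == "__main__":
    print(DEMO_RP.handle_initiate_login({"iss": "https://op.example.com",
                                         "target_link_uri": "https://rp.example.net/docs/1"}))
```

The iss check at the start is what distinguishes this from an open "log me in anywhere" endpoint: a request naming an unregistered issuer is refused before any redirect, and the issuer recorded in the pending entry is compared against the ID Token's iss on return, so an attacker cannot start a login at one OP and finish it with a token from another.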
