ECP Profile for SAMLv2 Notes

From OpenLiberty.org Wiki

The intent of this section is to nail down implementation details regarding the ECP plugin. This walkthrough assumes no previous authentication has taken place.



Sample Walkthrough

ECP augments outgoing requests

 ...
 Accept: ..., application/vnd.paos+xml
 PAOS: urn:

Service Provider responds with 'application/vnd.paos+xml' document

ECP caches relevant data for later interactions with the Identity Provider

ECP may at this point consult the User to choose an Identity Provider, either from previous interactions or from a list supplied by the Service Provider

ECP sends out stripped-down request to the Identity Provider

Identity Provider (at some point) responds with 'text/xml' document, containing AuthnResponse

ECP verifies AuthnResponse has corresponding cached AuthnRequest

ECP composes new message to Service Provider, including cached RelayState info

Service Provider responds by returning content from original request
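
The ECP-side bookkeeping in the walkthrough above (caching, the stripped-down request, matching the AuthnResponse to its cached AuthnRequest, re-attaching RelayState), shown as an added example that is not the ECP plugin's own code. It assumes the match is made on the Response's InResponseTo attribute against the cached AuthnRequest ID; the function names and sample messages are constructed for illustration.

```python
import copy
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
ECP = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"S": SOAP, "ecp": ECP, "samlp": SAMLP}

# Constructed sample messages, trimmed to the elements used here.
SP_PAOS = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:ecp="{ECP}" xmlns:samlp="{SAMLP}">
<S:Header><ecp:RelayState>state-123</ecp:RelayState></S:Header>
<S:Body><samlp:AuthnRequest ID="_req-42" Version="2.0"/></S:Body></S:Envelope>"""
IDP_REPLY = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:samlp="{SAMLP}">
<S:Body><samlp:Response ID="_resp-7" InResponseTo="_req-42"/></S:Body></S:Envelope>"""

def envelope(body_child, header_child=None):
    """Build a SOAP envelope around deep copies of the given elements."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    if header_child is not None:
        ET.SubElement(env, f"{{{SOAP}}}Header").append(copy.deepcopy(header_child))
    ET.SubElement(env, f"{{{SOAP}}}Body").append(copy.deepcopy(body_child))
    return env

def cache_sp_response(pending, paos_xml):
    """Cache AuthnRequest ID and RelayState; return the stripped-down IdP request."""
    env = ET.fromstring(paos_xml)
    req = env.find("S:Body/samlp:AuthnRequest", NS)
    if req is None or not req.get("ID"):
        raise ValueError("PAOS response carries no AuthnRequest ID")
    pending[req.get("ID")] = env.find("S:Header/ecp:RelayState", NS)
    return envelope(req)  # SP-supplied headers are not forwarded to the IdP

def compose_sp_message(pending, idp_xml):
    """Match the IdP Response to a cached request, then build the SP message."""
    resp = ET.fromstring(idp_xml).find("S:Body/samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response in IdP reply")
    irt = resp.get("InResponseTo")
    if irt not in pending:  # also rejects a Response with no InResponseTo
        raise ValueError("Response does not match a cached AuthnRequest")
    relay_state = pending.pop(irt)  # one use only: a replayed Response fails
    return envelope(resp, relay_state)
```

Removing the cache entry on first use means a second copy of the same Response no longer matches any pending request and is rejected.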
