[Openid-specs-fastfed] Question about 7.2.4 (Handshake Finalization)
Wesley Dunnington
wesleydunnington at pingidentity.com
Fri Oct 11 15:06:59 UTC 2019
Good point. With large application providers there could be multiple
in-flight FastFed transactions. As you said, the JWT that the identity
provider sends to the application provider for the registration request in
7.2.3.1 contains the IDP domain and the tenant ID of the application
provider. So the most straightforward option would be to re-send the
initial JWT to the finalization endpoint. Alternatively, the IDP could
generate a cut-down JWT with just the IDP domain and the tenant ID.
Wes Dunnington
On Thu, Oct 10, 2019 at 2:12 PM Brian Rose via Openid-specs-fastfed <
openid-specs-fastfed at lists.openid.net> wrote:
> Hey all,
>
> In my current POC implementation, I am attempting to set a flag to
> indicate that the full round trip has been completed in the finalization
> step. How does the Application Provider know the provider domain and the
> tenant id so that it can verify that it has been previously whitelisted and
> update any associated data that the Application Provider might want to
> log? During the registration, the JWT contains all of the necessary
> information to do the lookup. Also, as a result, this endpoint is
> wide open.
>
> Thanks!
>
> Brian Rose
>
> SailPoint
--
Wesley Dunnington
Field CTO East Region
508-254-5475
wesleydunnington at pingidentity.com
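
Added example, not part of the original message or of the FastFed specification: a sketch of the Application Provider side of the second option above, where the finalization request carries a cut-down signed JWT so the endpoint can look up the in-flight handshake instead of being wide open. The claim names `provider_domain` and `tenant_id`, the shared-key HS256 signature (a stand-in for verifying against the IdP's published keys), and the `IDP_KEYS` / `PENDING` stores are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign_jwt(claims, key):
    """IdP side: build the cut-down token (HS256 stand-in, an assumption)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

# Constructed sample state held by the Application Provider: one key per
# whitelisted IdP, and in-flight handshakes keyed by (IdP domain, tenant id).
IDP_KEYS = {"idp.example.com": b"constructed-demo-key"}
PENDING = {("idp.example.com", "tenant-42"): {"finalized": False}}

def finalize(token, now=None):
    """AP side: return 'finalized' or the reason the request is refused."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError:
        return "malformed"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return "malformed"
    domain, tenant = claims.get("provider_domain"), claims.get("tenant_id")
    exp = claims.get("exp")
    if header.get("alg") != "HS256" or not isinstance(domain, str) \
            or not isinstance(tenant, str) or not isinstance(exp, (int, float)):
        return "malformed"
    key = IDP_KEYS.get(domain)
    if key is None:
        return "unknown provider"
    if not hmac.compare_digest(_mac(key, head, body), given):
        return "bad signature"
    if exp < now:
        return "expired"
    entry = PENDING.get((domain, tenant))
    if entry is None or entry["finalized"]:
        return "no open handshake"  # never registered, or replayed
    entry["finalized"] = True
    return "finalized"
```

Keying the lookup on the pair (domain, tenant) is what lets several in-flight transactions for one large Application Provider be told apart, and the one-shot `finalized` flag makes a replayed token a no-op.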