[Openid-specs-ipsie] SAML and IdP Initiated federation (https://github.com/openid/ipsie/issues/100)
Dean H. Saxe
dean at thesax.es
Mon Aug 4 17:49:10 UTC 2025
Following up on this item from the last IPSIE WG meeting, I created
https://github.com/openid/ipsie/issues/100.
tl;dr; SAML based federations are highly dependent upon IdP initiated
federation flows. A recent update to the Common Requirements doc (
https://github.com/openid/ipsie/issues/94,
https://deansaxe.github.io/draft-saxe-ipsie-common-requirements-profile/draft-saxe-ipsie-common-requirements-profile.html)
eliminates the use of IdP initiated flows.
As a WG, we need to determine how to deal with this gap. I see two choices:
1. Move the requirement for RP initiated flows to SL2, allowing them to
continue at SL1 for SAML implementations.
2. Keep the requirement at SL1 and figure out how to devise a mechanism for
SAML that works similarly to
https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
I would appreciate your thoughts on this issue either via the mailing list
or as comments on the issue.
Thanks,
-dhs
--
Dean H. Saxe
dean at thesax.es