Symantec Access Management

  • 1.  Insert user creds in SAML Request

    Posted Nov 10, 2015 02:42 PM

    Hi All,

      We have a requirement: the service provider will collect user creds and pass them to the IDP for authentication. Is that possible by inserting user creds in the SAML request generated by the SP?



  • 2.  Re: Insert user creds in SAML Request
    Best Answer

    Posted Nov 12, 2015 01:25 PM

    rahulk.s

    Why would the SP collect User Credentials and pass them over the wire (internet) from the SP Organization to the IdP Organization? Don't you think it is a better solution (norm) for the IdP to challenge and ask for Credentials?

    Where is the User Repository where this Credential is stored? Since the IdP is going to authenticate the credentials, the user's Identity Info is owned and managed by the IdP Organization. The SP has no rights to ask the User to enter their IdP credentials on the SP Side. I would be surprised if the IdP Organization even agreed to this and then used SAML as a channel to do it.

    Please follow SAML Standards and do not devise such a custom solution which fits no Standards OR no Specifications. I would recommend revisiting the design and chalking out what is really needed to achieve SSO.

    Alternatively, if you could suggest the reasoning behind adopting such a wayward approach, it may be helpful to try and understand WHY?

    Regards

    Hubert



  • 3.  Re: Insert user creds in SAML Request

    Posted Nov 17, 2015 09:02 PM

    Sorry, Hubert, for asking such a weird question. I know that it is impossible to use a SAML response to send a password, and Federation is used to eliminate the use of multiple credentials. But I got one requirement saying the SP will collect the creds and pass them to the IDP. I tried to convince them in every way, but they wanted me to check with some experts. Now everything is clear. Thanks for the reply.