Project

General

Profile

Development #44

Add to the doc the basic necessity of SAML security

Added by Benjamin Dauvergne almost 9 years ago. Updated almost 7 years ago.

Status:
Nouveau
Priority:
Normal
Assignee:
-
Category:
Documentation
Target version:
Start date:
21 May 2010
Due date:
% Done:

0%

Estimated time:
5.00 h
Patch proposed:
No
Planning:
No

Description

We can add lot of verification between request/response (that the ID match,
that the reponse is qualified toward the SP, etc....), but there will always be
thing we cannot verify inside Lasso, like the IP of the client (if the IdP add
it as a verification means to the AuthnResponse) or if the notBefore, notAfter
attribute are respected (we are not sure of the time at the SP).

We should explicitely mention all those things that the SP could and should
verify aroun SAML exchanges but that are not in the scope of Lasso. It should
eventually be a section of the documentation.

History

#1 Updated by Benjamin Dauvergne over 8 years ago

  • Category set to Documentation

#2 Updated by Benjamin Dauvergne almost 7 years ago

  • Assignee deleted (Benjamin Dauvergne)

Also available in: Atom PDF