SAML Response (refresh the claim after a successful SSO session is established)

This topic has 1 reply, 2 voices, and was last updated 3 years, 10 months ago by Andy Cory.

#23229

    Here is the scenario.
Numerous SPs and one IDP. The SPs rely on the IDP to provide identity in the SAML response (i.e., first name, last name, address, etc.). An end user logs in to an SP and the IDP sends as part of the SAML response the user's name and address (their profile data) and the SP displays that to the user. A user notices their address is out of date. The SP provides a link back to the IDP to facilitate the user updating their address. The IDP provides the user a link back to the SP but their updated address is not passed to the SP. The end user is now confused as they just updated their address. Is there a way to force a new SAML response without forcing the user to logout/in again?

     Andy Cory

Instead of the IdP having a link directly back to the SP, if the link was to the IdP-initiated SSO endpoint of the IdP, the IdP shouldn't redirect to a login page as it would already have a valid session for that user. I would expect, without having tried this, that the IdP would generate a new SAML response and send it back to the user's browser which would submit it to the SP.
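The flow Andy Cory describes, as an added example that is not part of the original thread and is not ForgeRock code: an IdP whose IdP-initiated SSO endpoint mints a fresh unsolicited SAML Response for an existing IdP session, and an SP Assertion Consumer Service that validates it and refreshes the attributes of the user's existing SP session instead of forcing a logout/login. The entity IDs and ACS URL are hypothetical, both parties run in one process with no HTTP, and the XML-DSig signature that a real IdP would put on the Response is replaced by an HMAC over the Response bytes; those are assumptions of the example, not SAML as deployed.

```python
import base64, hashlib, hmac, secrets, xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
P, S = "{%s}" % NS["samlp"], "{%s}" % NS["saml"]   # Clark-notation namespace prefixes for ElementTree
# Hypothetical entity IDs and ACS endpoint, assumed for this example.
IDP_ENTITY_ID = "https://idp.example.com/metadata"
SP_ENTITY_ID = "https://sp.example.com/metadata"
SP_ACS_URL = "https://sp.example.com/saml/acs"
SIGNING_KEY = secrets.token_bytes(32)   # stand-in for the IdP's XML-DSig key: HMAC over the Response bytes
TS = "%Y-%m-%dT%H:%M:%SZ"

def build_response(user, attrs, now):
    """Unsolicited Response: no InResponseTo, because the SP never sent an AuthnRequest."""
    resp = ET.Element(P + "Response", ID="_" + secrets.token_hex(16), Version="2.0",
                      IssueInstant=now.strftime(TS), Destination=SP_ACS_URL)
    ET.SubElement(resp, S + "Issuer").text = IDP_ENTITY_ID
    a = ET.SubElement(resp, S + "Assertion", ID="_" + secrets.token_hex(16), Version="2.0",
                      IssueInstant=now.strftime(TS))
    ET.SubElement(a, S + "Issuer").text = IDP_ENTITY_ID
    ET.SubElement(ET.SubElement(a, S + "Subject"), S + "NameID").text = user
    cond = ET.SubElement(a, S + "Conditions", NotBefore=now.strftime(TS),
                         NotOnOrAfter=(now + timedelta(minutes=5)).strftime(TS))
    ET.SubElement(ET.SubElement(cond, S + "AudienceRestriction"), S + "Audience").text = SP_ENTITY_ID
    stmt = ET.SubElement(a, S + "AttributeStatement")
    for name, value in attrs.items():
        ET.SubElement(ET.SubElement(stmt, S + "Attribute", Name=name), S + "AttributeValue").text = value
    return ET.tostring(resp)

class IdP:
    def __init__(self):
        self.sessions, self.profiles = {}, {}   # IdP cookie -> user; user -> attributes asserted
    def login(self, user, attrs):
        cookie = secrets.token_hex(8)
        self.sessions[cookie], self.profiles[user] = user, dict(attrs)
        return cookie
    def idp_initiated_sso(self, cookie, now):
        """IdP-initiated SSO endpoint: live IdP session -> fresh Response + auto-POST form, else login page."""
        user = self.sessions.get(cookie)
        if user is None:
            return {"action": "login"}
        xml = build_response(user, self.profiles[user], now)
        sig = hmac.new(SIGNING_KEY, xml, hashlib.sha256).hexdigest()
        return {"action": "post", "url": SP_ACS_URL,
                "form": {"SAMLResponse": base64.b64encode(xml).decode(), "Signature": sig}}

class SP:
    def __init__(self):
        self.sessions, self.seen_assertions = {}, set()   # SP cookie -> {"user", "attrs"}
    def acs(self, sp_cookie, form, now):
        """ACS for unsolicited Responses: nothing correlates them to a request, so signature, Issuer,
        Destination, Audience, validity-window and replay checks are the whole defence."""
        xml = base64.b64decode(form["SAMLResponse"])
        expected = hmac.new(SIGNING_KEY, xml, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, form["Signature"]):
            raise ValueError("signature check failed")
        root = ET.fromstring(xml)
        a = root.find("saml:Assertion", NS)
        if a is None or root.get("InResponseTo") is not None or root.get("Destination") != SP_ACS_URL:
            raise ValueError("not an unsolicited Response addressed to this ACS")
        if any(e.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID for e in (root, a)):
            raise ValueError("untrusted Issuer")
        if a.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        cond = a.find("saml:Conditions", NS)
        nb, na = [datetime.strptime(cond.get(k), TS).replace(tzinfo=timezone.utc)
                  for k in ("NotBefore", "NotOnOrAfter")]
        if not nb <= now < na:
            raise ValueError("assertion outside its validity window")
        if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
            raise ValueError("assertion not intended for this SP")
        self.seen_assertions.add(a.get("ID"))
        user = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
        attrs = {e.get("Name"): e.findtext("saml:AttributeValue", namespaces=NS)
                 for e in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
        sess = self.sessions.get(sp_cookie)
        if sess is not None and sess["user"] == user:
            sess["attrs"] = attrs        # same subject: refresh the claims in place, no logout/login
            return sp_cookie
        cookie = secrets.token_hex(8)    # no SP session, or a different subject: never merge sessions
        self.sessions[cookie] = {"user": user, "attrs": attrs}
        return cookie

def run_scenario():
    """The thread's scenario: (address first shown, address after refresh, SP cookie kept, replay accepted)."""
    idp, sp, t0 = IdP(), SP(), datetime(2022, 1, 1, 12, 0, tzinfo=timezone.utc)
    idp_cookie = idp.login("alice", {"givenName": "Alice", "street": "1 Old Road"})   # constructed user
    sp_cookie = sp.acs(None, idp.idp_initiated_sso(idp_cookie, t0)["form"], t0)
    before = sp.sessions[sp_cookie]["attrs"]["street"]
    idp.profiles["alice"]["street"] = "2 New Street"   # user corrects the address at the IdP
    t1 = t0 + timedelta(minutes=1)                     # SP's "back" link targets the IdP-initiated SSO endpoint
    form = idp.idp_initiated_sso(idp_cookie, t1)["form"]
    refreshed = sp.acs(sp_cookie, form, t1)
    try:
        sp.acs(sp_cookie, form, t1)                    # the same Response submitted a second time
        replayed = True
    except ValueError:
        replayed = False
    return before, sp.sessions[refreshed]["attrs"]["street"], refreshed == sp_cookie, replayed
```

Two points the code makes that the reply leaves implicit. First, the SP has to be willing to accept an unsolicited Response at all; many SP libraries reject Responses without an InResponseTo by default, so this needs enabling in the SP's configuration, and once enabled the SP loses request correlation as a defence, which is why the ACS above insists on signature, Issuer, Destination, Audience, validity window and a replay cache. Second, the refresh must only update the attributes of an existing SP session when the asserted subject is the same user; a Response for a different NameID gets a new session rather than being merged into the one already in the browser.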

©2022 ForgeRock