On Fri, Feb 12, 2010 at 10:19 AM, K.Manikandan <[email protected]> wrote:
> > > Would'nt simple cookies help you here since your domain is the same. > > > > SAML is for identity federation and is too big a monster for your use > > case. > > Have used SAML recently and AFAIK python-saml works for GoogleApps only. > > You can use the python binding of lasso library. ( > > http://lasso.entrouvert.org/) > > > > > > Domain = ".kkk.edu" > > > > > > Best regards, > > Bhaskar. > > Each aaa.kkk.edu and bbb.kkk.edu receives separate > requests.In such a case,working with req['session'] may not > help here.How does python-lasso help in this scenario? > Seperate requests? Session management? Can you explain your use-case in a bit more details. SAML is for federating identities. So for example, you have multiple applications/web servers requiring authentication. So you can have a single identity provider which handles the authentication of the users and sends the user "details" to the application concerned. There is trust between the applications and the identity provider. There are things called profiles and the most common one is the "Web browser SSO profile". I dont thing session management could be handled. Most commonly SAML is used for identity federation and Single Sign On only. So in the web browser SSO profile, say you have two applications - GoogleApps and Salesforce. You set up an identity provider locally and configure the two applications for SSO. When a user tries to access the application, the application redirects the browser (User Agent) to the identity provider. The identity provider handles the authentication and authorization part. If authentication is successful, it sends an assertion to the application. The application is no more concerned about the authentication part. Advantages are if you are already authenticated with the identity provider, you achieve SSO with all the applications. If the user leaves the company, he can no longer access the application. (Day zero user revocation) etc etc Pretty detailed standard though. Can check - http://docs.oasis-open.org/security/saml/v2.0/ Can ask the same on saml-dev mailing list - http://lists.oasis-open.org/archives/saml-dev/ With best regards, Bhaskar. _______________________________________________ BangPypers mailing list [email protected] http://mail.python.org/mailman/listinfo/bangpypers
