In SP-initiated SSO we send a SAML AuthnRequest and it is optionally signed, which means only registered service providers who have shared their public certificate may call the SSO endpoint and do SSO. For IdP-initiated SSO we do register but don't send a SAML request, which means there is no verification. So basically any service provider may call it with a valid issuer (known publicly), and as long as a valid user enters his username and password we log him in and send a valid SAML Response.

Thanks,
Johann.

On Sun, Sep 21, 2014 at 12:31 PM, Prabath Abeysekera <[email protected]> wrote:

> Guys,
>
> Can someone help?
>
> Cheers,
> Prabath
>
> On Thu, Sep 18, 2014 at 4:47 PM, Prabath Abeysekera <[email protected]> wrote:
>
>> Hi Everyone,
>>
>> Can someone please help me understand $subject? :)
>>
>> Cheers,
>> Prabath
>> --
>> Prabath Abeysekara
>> Associate Technical Lead, Data TG.
>> WSO2 Inc.
>> Email: [email protected]
>> Mobile: +94774171471
>
> --
> Prabath Abeysekara
> Associate Technical Lead, Data TG.
> WSO2 Inc.
> Email: [email protected]
> Mobile: +94774171471

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Associate Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
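
The contrast described in the reply above, as an added example that is not part of the original thread and not WSO2 code: an IdP-side check of a signed HTTP-Redirect AuthnRequest against the certificate registered for the issuer, next to the issuer-only lookup that is all an IdP-initiated call can be checked against. The registry, the function names, the issuer URL and the toy RSA key are constructed for the illustration.

```python
import base64, hashlib, zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote
# Constructed toy RSA key for the sample SP (two Mersenne primes; illustration only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256
ISSUER_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"
# Hypothetical IdP registry: issuer -> public key taken from the SP's shared certificate.
REGISTERED = {"https://sp.example.test": {"n": N, "e": E, "require_signed": True}}

def emsa(msg: bytes) -> bytes:  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), K bytes
    t = DIGEST_INFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def build_query(issuer: str, d=None) -> str:
    """SP side: HTTP-Redirect AuthnRequest, signed when a private exponent is given."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           f'Version="2.0"><saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, as the binding requires
    q = "SAMLRequest=" + quote(base64.b64encode(c.compress(xml.encode()) + c.flush()), safe="")
    if d is None:
        return q
    q += "&SigAlg=" + quote(SIG_ALG, safe="")
    sig = pow(int.from_bytes(emsa(q.encode()), "big"), d, N).to_bytes(K, "big")
    return q + "&Signature=" + quote(base64.b64encode(sig), safe="")

def sp_initiated(raw_query: str) -> str:
    """IdP side: accept the AuthnRequest only from a registered, verifiable caller."""
    p = dict(kv.split("=", 1) for kv in raw_query.split("&"))
    xml = zlib.decompress(base64.b64decode(unquote(p["SAMLRequest"])), -15)
    sp = REGISTERED.get(ET.fromstring(xml).findtext(ISSUER_TAG, "").strip())
    if sp is None:
        return "rejected: unknown issuer"
    if "Signature" not in p:
        return "rejected: unsigned" if sp["require_signed"] else "accepted: unsigned"
    if unquote(p.get("SigAlg", "")) != SIG_ALG:
        return "rejected: unsupported SigAlg"
    # The signature covers the URL-encoded values exactly as sent, in this fixed order.
    signed = "&".join(f"{k}={p[k]}" for k in ("SAMLRequest", "RelayState", "SigAlg") if k in p)
    s = int.from_bytes(base64.b64decode(unquote(p["Signature"])), "big")
    ok = pow(s, sp["e"], sp["n"]).to_bytes(K, "big") == emsa(signed.encode())
    return "accepted: signature valid" if ok else "rejected: bad signature"

def idp_initiated(issuer: str) -> str:
    """IdP side: no SAML request exists, so the issuer lookup is the only check."""
    return "accepted: issuer only" if issuer in REGISTERED else "rejected: unknown issuer"
```

A production IdP would use a hardened XML parser and a vetted crypto library rather than the standard-library parser and hand-written RSA check used here.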
