
I am studying SAML and SSO, and it looks like applications that use SAML need to be web applications and rely on a browser.

Can anybody tell me why?

My limited knowledge of SAML tells me that SAML relies on sessions and cookies, which are not available in a desktop application or mobile app. Is that the only reason? Can you give me more details about this?

performanceuser

1 Answer


Well, you are partly wrong. There are different access profiles for SAML2. Web Browser Single Sign-On is probably the most widely used one. It's based on redirects and, as the name suggests, it needs a browser. You can use, for example, the ECP (Enhanced Client or Proxy) profile for command-line clients. Sample implementations in different languages are available on the Shibboleth Contribution Sites and the ECP profile page.

Check the OASIS documentation for further details.

Edit1:

I don't know why you are assuming that I am less lazy than you ;)

Here is a brief description of the ECP profile. In general, you should be able to obtain an Assertion from the IdP and then feed the SP with it, without redirections. Unfortunately I don't have much experience with using the ECP profile (yet). I am only familiar with the theory.

Erwin
    Thanks. Is it possible for a server to directly talk to an IdP and perform a user login? For example, the user sends a SOAP request to the server including username and password, then the server, as an SP, does the authentication through the IdP? Is ECP doing something like this? – performanceuser Jul 16 '12 at 17:22
  • 1
    I don't like the comment formatting style so I upgraded my answer. Good luck fighting SAML – Erwin Jul 17 '12 at 11:03
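The ECP flow the answer sketches ("obtain an Assertion from the IdP and then feed the SP with it, without redirections") can be walked through offline. The Python script below is an added example, not code from the answer, from Shibboleth or from the OASIS profile document: the SP and IdP messages are hand-built samples, every URL, entity ID and message ID is a placeholder, and the sample Assertion is unsigned (a real SP verifies the IdP's signature, which is not shown). The client side is what a non-browser application implements: it takes the PAOS envelope the SP returns, forwards the AuthnRequest to the IdP in a plain SOAP envelope (in practice over TLS with the user's credentials), and then relays the IdP's Response to the SP. The one check worth seeing is the profile's rule that the client must compare the IdP's `AssertionConsumerServiceURL` with the SP's `responseConsumerURL` and send a SOAP Fault instead of the assertion when they differ, which is what stops an assertion from being delivered to the wrong endpoint.

```python
"""Offline walk-through of the SAML 2.0 ECP (Enhanced Client or Proxy) exchange.

Constructed example: not code from the answer above, from Shibboleth or from OASIS.
The XML messages are hand-built samples standing in for real SP and IdP traffic;
every URL, entity ID and message ID is a placeholder.
"""
import xml.etree.ElementTree as ET

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "paos": "urn:liberty:paos:2003-08",
    "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ACTOR = "http://schemas.xmlsoap.org/soap/actor/next"
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)

def q(prefix, local):
    """Clark-notation tag ({uri}local) for ElementTree."""
    return "{%s}%s" % (NS[prefix], local)

# Step 1 (constructed sample): what the SP returns to a client that requested a protected
# resource with "Accept: application/vnd.paos+xml" and a PAOS header instead of a redirect.
SP_PAOS_REQUEST = f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:paos="{NS['paos']}"
    xmlns:ecp="{NS['ecp']}" xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <S:Header>
    <paos:Request S:mustUnderstand="1" S:actor="{ACTOR}" service="{NS['ecp']}"
        responseConsumerURL="https://sp.example.test/SAML2/ECP" messageID="msg-sp-0001"/>
    <ecp:Request S:mustUnderstand="1" S:actor="{ACTOR}" IsPassive="false">
      <saml:Issuer>https://sp.example.test/shibboleth</saml:Issuer>
    </ecp:Request>
  </S:Header>
  <S:Body>
    <samlp:AuthnRequest ID="_req-0001" Version="2.0" IssueInstant="2012-07-17T10:00:00Z"
        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
        AssertionConsumerServiceURL="https://sp.example.test/SAML2/ECP">
      <saml:Issuer>https://sp.example.test/shibboleth</saml:Issuer>
    </samlp:AuthnRequest>
  </S:Body>
</S:Envelope>"""

def idp_response_sample(acs_url):
    """Step 3 (constructed sample): the IdP's SOAP reply. acs_url is parameterised so the
    mismatch case can be exercised; a real reply carries a signed Assertion."""
    return f"""<S:Envelope xmlns:S="{NS['S']}" xmlns:ecp="{NS['ecp']}"
    xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <S:Header>
    <ecp:Response S:mustUnderstand="1" S:actor="{ACTOR}" AssertionConsumerServiceURL="{acs_url}"/>
  </S:Header>
  <S:Body>
    <samlp:Response ID="_resp-0001" Version="2.0" InResponseTo="_req-0001" Destination="{acs_url}">
      <saml:Issuer>https://idp.example.test/idp/shibboleth</saml:Issuer>
      <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
      <saml:Assertion ID="_a-0001" Version="2.0">
        <saml:Issuer>https://idp.example.test/idp/shibboleth</saml:Issuer>
        <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
      </saml:Assertion>
    </samlp:Response>
  </S:Body>
</S:Envelope>"""

def parse_sp_request(xml_text):
    """Pull the SP's responseConsumerURL, PAOS messageID and the AuthnRequest out of step 1."""
    env = ET.fromstring(xml_text)
    paos_req = env.find("S:Header/paos:Request", NS)
    authn = env.find("S:Body/samlp:AuthnRequest", NS)
    if paos_req is None or authn is None:
        raise ValueError("not an ECP/PAOS request envelope")
    return paos_req.get("responseConsumerURL"), paos_req.get("messageID"), authn

def build_idp_request(authn_request):
    """Step 2: drop the PAOS/ECP headers and send only the AuthnRequest to the IdP.
    The client authenticates to the IdP itself (e.g. HTTP Basic over TLS), which is
    why no browser, session or cookie is involved."""
    env = ET.Element(q("S", "Envelope"))
    ET.SubElement(env, q("S", "Body")).append(authn_request)
    return ET.tostring(env, encoding="unicode")

def parse_idp_response(xml_text):
    """Extract the IdP's AssertionConsumerServiceURL header and the samlp:Response."""
    env = ET.fromstring(xml_text)
    ecp_resp = env.find("S:Header/ecp:Response", NS)
    saml_resp = env.find("S:Body/samlp:Response", NS)
    if ecp_resp is None or saml_resp is None:
        raise ValueError("not an ECP response envelope")
    return ecp_resp.get("AssertionConsumerServiceURL"), saml_resp

def build_sp_response(rc_url, acs_url, saml_response, ref_id):
    """Step 4: relay the Response to the SP's responseConsumerURL. Per the ECP profile the
    client must refuse (SOAP Fault) when the IdP's ACS URL differs from what the SP asked."""
    env = ET.Element(q("S", "Envelope"))
    paos = ET.SubElement(ET.SubElement(env, q("S", "Header")), q("paos", "Response"))
    paos.set(q("S", "mustUnderstand"), "1")
    paos.set(q("S", "actor"), ACTOR)
    paos.set("refToMessageID", ref_id)
    body = ET.SubElement(env, q("S", "Body"))
    if acs_url != rc_url:
        fault = ET.SubElement(body, q("S", "Fault"))
        ET.SubElement(fault, "faultcode").text = "S:Server"
        ET.SubElement(fault, "faultstring").text = "ACS URL does not match responseConsumerURL"
        return False, ET.tostring(env, encoding="unicode")
    body.append(saml_response)
    return True, ET.tostring(env, encoding="unicode")

def run_ecp_client(sp_xml, idp_xml):
    """Whole client-side flow; returns what would go to the IdP and to the SP."""
    rc_url, msg_id, authn = parse_sp_request(sp_xml)
    idp_req = build_idp_request(authn)          # would be POSTed to the IdP's ECP endpoint
    acs_url, saml_resp = parse_idp_response(idp_xml)
    delivered, to_sp = build_sp_response(rc_url, acs_url, saml_resp, msg_id)
    return {"idp_request": idp_req, "acs_url": acs_url, "delivered": delivered, "to_sp": to_sp}

if __name__ == "__main__":
    ok = run_ecp_client(SP_PAOS_REQUEST, idp_response_sample("https://sp.example.test/SAML2/ECP"))
    bad = run_ecp_client(SP_PAOS_REQUEST, idp_response_sample("https://other.example.test/acs"))
    print("matching ACS URL -> assertion delivered:", ok["delivered"])
    print("mismatched ACS URL -> assertion delivered:", bad["delivered"])
```

The two runs in the `__main__` block show the normal case and the mismatch case: with the URLs equal the envelope sent to the SP carries the `samlp:Response`, and with them different it carries only a `S:Fault`. Everything here is parsing and envelope construction; transport (PAOS `Accept` header to the SP, authenticated SOAP POST to the IdP, `Content-Type: application/vnd.paos+xml` back to the SP) and signature verification are left out.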