I have two cross-domain apps as service providers. These applications are in a federation trust with the IdP (OpenAM). FSSO is accomplished over passive federation, SAML 2.0 protocol, Web Browser SSO Profile. This works fine.
The issue I have now is active federation, as I see it.
Use case:
- Sign on App1 over IdP (web browser profile).
- Invoke App2's web service (SOAP) from App1 and send something
- App2 web service should process the incoming request without authentication (as these two apps are in a federation trust)
As I understand it, the SOAP binding should be used, most probably in combination with artifact, or am I looking at this wrong? What will be the use case? Should I send the complete SAML message from App1 within SOAP? Or send the artifact ID to the App2 service, and then the service will resolve the artifact from the IdP?