1. Service Provider ABC.com is configured to accept credentials from IDP MNO.com.
2. Service Provider is also configured as an Identity Provider for XYZ.com.
3. User requests resource from ABC.com, is authenticated successfully against MNO.com.
4. Now the user wants a resource from XYZ.com.
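XYZ will ask ABC whether the user is authenticated. The user was originally authenticated against MNO.com. MNO.com and XYZ.com do not know about each other. Will the credentials originally authenticated by MNO.com carry over to XYZ.com? In other words, will ABC.com consider the user authenticated, and will it provide the credentials it received from MNO.com to XYZ.com?
If not, is there a way to achieve this? Or does the original IdP (MNO.com) also need to serve XYZ.com?
In short: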
Identity Provider: MNO.com trusts SP: ABC.com
SP: ABC.com also configured as IDP to XYZ.com
SP: XYZ.com does not know about IDP: MNO.com
Do the credentials from MNO.com get passed through to XYZ.com just because ABC.com is both an SP and an identity provider?
Thanks