Quote:
Originally Posted by ChrisV
Not clear on what the flow is supposed to be here. Who/what are they going to provide the auth token to?
User is logged into notIDP's web site and wants to navigate to our partners website.
notIDP's website is going to provide the SAML assertion for the user when they redirect them to our partner's site.
User is on partner's site and wants to go to our site
At this point we would ask notIDP to authenticate the customer but notIDP isn't providing that function and essentially wants us to re-use the assertion they sent to our partner. I don't know enough about SSO to even start Googling for this.