Cisco Systems 5.4.x Network Router User Manual


 
User Guide for Cisco Digital Media Manager 5.4.x
OL-15762-05
Chapter 8 Authentication and Federated Identity
Concepts
SSO Scenario 1—Trusted + Valid + Authorized

1. A web browser requests access to a protected resource on an SP. Your federation will not approve or deny this request until it knows more.
2. The SP asks its IdP if the browser is currently authenticated to any valid user account in the CoT.
3. The IdP verifies that:
   - The browser is already connected to an SP elsewhere in the CoT, having authenticated successfully to a valid user account and having received a SAML “token” or “passport” that authorizes at least some access.
   - The user account has sufficient permissions to access the protected resource.
4. The IdP acts on the SP’s behalf and redirects the browser immediately to the protected resource.

SSO Scenario 2—Trusted + Valid + NOT Authorized

1. A web browser requests access to a protected resource on an SP. Your federation will not approve or deny this request until it knows more.
2. The SP asks its IdP if the browser is currently authenticated to any valid user account in the CoT.
3. The IdP verifies that:
   - The browser is already connected to an SP elsewhere in the CoT, having authenticated successfully to a valid user account and having received a SAML “token” or “passport” that authorizes at least some access.
   - The user account DOES NOT have sufficient permissions.
4. The IdP redirects the browser to the SP, where an HTTP 403 Forbidden message states that the user is not authorized to access the protected resource.
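
The two scenarios above, traced as a message exchange in a small Python model. This is an added example, not code from Cisco or from the manual. The hostnames, accounts, tokens, the redirect target in scenario 2 and the fail-closed branch for a browser with no valid session are assumptions made for illustration.

```python
# Constructed sample data: hostnames, accounts and tokens are illustrative,
# not values from the manual.
COT = {"sp-a.example", "sp-b.example"}               # SPs in the circle of trust
PERMS = {"alice": {"/reports", "/admin"}, "bob": {"/reports"}}
SESSIONS = {"tok-alice": ("alice", "sp-a.example"),  # token -> (account, SP
            "tok-bob": ("bob", "sp-a.example")}      #  where it was issued)


def idp_verify(token, resource):
    """Step 3. Returns 'authorized', 'not_authorized', or None when the
    browser holds no usable session (a case this page does not cover)."""
    session = SESSIONS.get(token)
    if session is None:
        return None
    account, issuing_sp = session
    # First check: authenticated to a valid account via an SP inside the CoT.
    if issuing_sp not in COT or account not in PERMS:
        return None
    # Second check: the account's permissions cover the requested resource.
    return "authorized" if resource in PERMS[account] else "not_authorized"


def sso_flow(sp, token, resource):
    """Walk steps 1-4 and return the exchange as (sender, receiver, message)."""
    trace = [("browser", sp, f"GET {resource}"),                        # step 1
             (sp, "idp", f"is this browser authenticated? {token}")]    # step 2
    verdict = idp_verify(token, resource)                               # step 3
    if verdict == "authorized":                                         # scenario 1
        trace.append(("idp", "browser", f"redirect to https://{sp}{resource}"))
    elif verdict == "not_authorized":                                   # scenario 2
        trace.append(("idp", "browser", f"redirect to https://{sp}/"))
        trace.append((sp, "browser", "HTTP 403 Forbidden"))
    else:                                                               # assumed: fail closed
        trace.append(("idp", sp, "no valid session; outside scenarios 1 and 2"))
    return trace


if __name__ == "__main__":
    for tok in ("tok-alice", "tok-bob"):
        for step in sso_flow("sp-b.example", tok, "/admin"):
            print(step)
        print()
```

Both accounts hold a valid session issued at sp-a.example, so the only difference between the two traces is the permission check in step 3.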