The Burden of Federated Authentication

  If you’ve ever had the pleasure to hear me rant on web access management then you know I like to stress the difference between authentication and authorization.  Authentication is the process of ...
Published May 24, 2016
Version 1.0
authentication
authorization
BIG-IP Access Policy Manager (APM)
saml
security
amolari's avatar
amolari
Icon for Cirrostratus rankCirrostratus
Jun 01, 2016
found out in the SAML-core spec allows the Subject element, while the WebSSO Profile doesn't (MUST NOT). In a few forums, some argued that the people behind the specs wanted to avoid too much binding between the SP and IdP. User's experience suffers and nothing seems to go much around about SAML 2.1..