If you’ve ever had the pleasure to hear me rant on web access management then you know I like to stress the difference between authentication and authorization. Authentication is the process of ...
found out in the SAML-core spec allows the Subject element, while the WebSSO Profile doesn't (MUST NOT). In a few forums, some argued that the people behind the specs wanted to avoid too much binding between the SP and IdP. User's experience suffers and nothing seems to go much around about SAML 2.1..