Hi, Reading draft-ietf-oauth-saml2-bearer-10, it states:
The process by which the client obtains the SAML Assertion, prior to exchanging it with the authorization server or using it for client authentication, is out of scope. Accepting that it's out of scope from the draft, what are the realistic alternatives to obtaining the SAML assertion out of band? WS-Trust provides a direct method to request a SAML assertion from a STS, and the SAML ECP profiles seems to allow this behavior, but it doesn't seem like ECP is very well supported. What other viable means are there from a client to directly request a SAML assertion from an assertion issuer? Tx! adam
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
