Adam,

It may be a self signed SAML assertion.

That is likely the case where someone wanted to use asymmetric keys to 
authenticate to the Token Endpoint.

I could see an STS used in some cases.

ECP is a touch unlikely unless someone was super keen.

The client could use a Web SSO profile to get an assertion for the user if you 
are using the Assertion profile for the Authorization endpoint.

There is also a JWT token profile for assertions, you knew I couldn't resist a 
plug :)

John B.

On 2012-04-05, at 10:35 PM, Lewis Adam-CAL022 wrote:

> Hi,
>  
> Reading draft-ietf-oauth-saml2-bearer-10, it states:
>  
> The process by which the client obtains the SAML Assertion, prior to
>    exchanging it with the authorization server or using it for client
>    authentication, is out of scope.
>  
> Accepting that it’s out of scope from the draft, what are the realistic 
> alternatives to obtaining the SAML assertion out of band?  WS-Trust provides 
> a direct method to request a SAML assertion from an STS, and the SAML ECP 
> profile seems to allow this behavior, but it doesn’t seem like ECP is very 
> well supported.  What other viable means are there from a client to directly 
> request a SAML assertion from an assertion issuer?
>  
> Tx!
> adam
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
