Chapter 6 Authentication and Federated Identity

Concepts

SSO Scenario 2—Trusted + Valid + NOT Authorized

NEW IN CISCO DMS 5.2.3

1. A web browser requests access to a protected resource on an SP.

   Your federation will not approve or deny this request until it knows more.

2. The SP asks its IdP if the browser is currently authenticated to any valid user account in the CoT.

3. The IdP verifies that:

   • The browser is already connected to an SP elsewhere in the CoT, having authenticated successfully to a valid user account and having received a SAML “token” or “passport” that authorizes at least some access.

   • The user account DOES NOT have sufficient permissions.

4. The IdP redirects the browser to the SP, where an HTTP 403 Forbidden message states that the user is not authorized to access the protected resource.
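The Scenario 2 outcome can be expressed as an SP-side check; the code below is an added illustration, not Cisco DMS code. The issuer allowlist, the `role` attribute, the resource table, and the 401 results for untrusted or expired assertions are assumptions of this example, and the assertion's signature is assumed to have been verified before this function runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUERS = {"https://idp.example.test"}   # constructed CoT member
RESOURCE_ROLES = {"/reports": {"admin"},         # hypothetical per-resource ACL
                  "/signs": {"admin", "operator"}}

# Constructed sample assertion; signature verification is assumed done upstream.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>operator</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _in_window(cond, now):
    try:
        return _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        return False  # missing or malformed conditions fail closed

def sp_decision(assertion_xml, resource, now):
    """Return (http_status, reason) for a request that carries an SSO assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in TRUSTED_ISSUERS:
        return 401, "issuer is outside the circle of trust"
    if not _in_window(root.find("saml:Conditions", NS), now):
        return 401, "assertion is outside its validity window"
    roles = {v.text.strip()
             for a in root.iterfind(".//saml:Attribute[@Name='role']", NS)
             for v in a.iterfind("saml:AttributeValue", NS) if v.text}
    # Deny by default: a resource with no ACL entry is open to nobody.
    if roles & RESOURCE_ROLES.get(resource, set()):
        return 200, "authorized"
    # Scenario 2: trusted and valid, but the account lacks permission.
    return 403, "authenticated, but not authorized for this resource"
```

The same assertion yields 200 for one resource and 403 for another, which is why the SP evaluates authorization per request even when the SSO token itself is good.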

SSO Scenario 3—Nothing Known

NEW IN CISCO DMS 5.2.3

1. A web browser requests access to a protected resource on an SP.

   Your federation will not approve or deny this request until it knows more.

2. The SP asks its IdP if the browser is currently authenticated to any valid user account in the CoT.

User Guide for Cisco Digital Media Manager 5.2.x

OL-15762-03