Multistep authentication using SAML Session Tickets without signed XML documents is a less secure model in which a public key is not required to be bound to the XML document.
If no public key is supplied (by the web service consumer or the Policy Server) with a request, the assertion is still generated based on a successful authentication alone. The assertion can be used by the SAML Session Ticket authentication scheme only if the scheme is configured so that it does not require a signature for the XML document.
Copyright © 2011 CA. All rights reserved.