A Security Issue Regarding SAML 1.x Assertions

The SAML assertion generator creates an assertion from a user's session regardless of the protection level of the authentication scheme that established that session. This presents a security issue: you can control which users an assertion is generated for, but not whether the protection level at which they authenticated is sufficient for the resource the assertion will be used to access.

You may have resources that should be accessed only by users who authenticated at a particular protection level. If your site's resources are secured at different protection levels, make sure that users establish their session at the protection level those resources require; otherwise an assertion issued from a lower-level session can grant access the federated environment should not permit.
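The following is an added illustration, not CA code and not a SiteMinder API. It models the behaviour the page describes with constructed data: a session records the protection level of the scheme that created it, the generator filters only on which users are entitled to an assertion, and so a session established at a low level still yields an assertion. A second, hypothetical variant shows the gate the page says the product does not provide, so an administrator can see exactly what must instead be guaranteed at login time. The user names, protection-level numbers and the `minimum_level` parameter are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of a SiteMinder-style session. The protection level is the
# level of the authentication scheme that created the session (numbers are made up).
@dataclass(frozen=True)
class Session:
    user: str
    protection_level: int

# Constructed model of a SAML 1.x assertion: the generator copies the subject and the
# level the session actually carries; it does not raise or check that level.
@dataclass(frozen=True)
class Assertion:
    subject: str
    auth_level: int

# Assumption: the only control available is the set of users an assertion may be issued for.
PARTNER_ALLOWED_USERS = {"alice", "bob", "carol"}


def generate_assertion_as_described(session: Session) -> Optional[Assertion]:
    """Behaviour the page describes: filter on WHO authenticated, not on HOW strongly.
    A session created by the weakest scheme still produces an assertion."""
    if session.user not in PARTNER_ALLOWED_USERS:
        return None
    return Assertion(subject=session.user, auth_level=session.protection_level)


def generate_assertion_with_level_gate(session: Session, minimum_level: int) -> Optional[Assertion]:
    """Hypothetical hardened variant (an assumption, not a product feature): refuse to
    issue an assertion unless the session meets the level the federated resource demands."""
    assertion = generate_assertion_as_described(session)
    if assertion is None or session.protection_level < minimum_level:
        return None
    return assertion


def audit_low_level_assertions(sessions: List[Session], minimum_level: int) -> List[str]:
    """Return the users who would receive an assertion under the described behaviour
    even though their session is below the level the resource requires. A non-empty
    result is the gap the page warns about and must be closed at authentication time."""
    exposed = []
    for s in sessions:
        issued = generate_assertion_as_described(s)
        if issued is not None and issued.auth_level < minimum_level:
            exposed.append(s.user)
    return exposed


if __name__ == "__main__":
    # Constructed sessions: alice logged in with a strong scheme, bob with a weak one,
    # dave is not an allowed federation user at all.
    sessions = [
        Session("alice", protection_level=15),
        Session("bob", protection_level=5),
        Session("dave", protection_level=15),
    ]
    print("exposed under described behaviour:", audit_low_level_assertions(sessions, minimum_level=10))
    print("bob, gated:", generate_assertion_with_level_gate(sessions[1], minimum_level=10))
```

Running the audit over real session data (substituting your own session source for the constructed list) lists exactly the users for whom the generator's user-based control is not enough, which is the set of users whose login scheme must be raised to the required level.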


Copyright © 2010 CA. All rights reserved.