1. Service Provider ABC.com is configured to accept credentials from IDP MNO.com.
2. Service Provider is also configured as an Identity Provider for XYZ.com.
3. User requests a resource from ABC.com and is authenticated successfully against MNO.com.
4. Now the user wants a resource from XYZ.com.
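XYZ will ask ABC whether the user is authenticated. The user was originally authenticated against MNO.com. MNO.com and XYZ.com do not know about each other. Will the credentials originally authenticated by MNO.com carry over to XYZ.com? In other words, will ABC.com consider the user authenticated, and will it provide the credentials it received from MNO.com to XYZ.com?
If not, is there a way to achieve this? Or does the original IdP (MNO.com) also need to serve XYZ.com?
In short: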
Identity Provider: MNO.com trusts SP: ABC.com
SP: ABC.com also configured as IDP to XYZ.com
SP: XYZ.com does not know about IDP: MNO.com
Do the credentials from MNO.com get passed through to XYZ.com just because ABC.com is both an SP and an Identity Provider?
Thanks