[Last Call] Learn how to a build a cloud-first strategyRegister Now


SAML Terminology:  Service Provider Component

Posted on 2014-08-29
Medium Priority
Last Modified: 2014-08-30
Does the Service Provider Component perform the following function

Once the client gets a token from the IdP, and sends the token to the web service, does the web service then contact the Service provider component to validate that the token is valid (the signature is correct and the date is within range)  ?

Question by:Anthony Lucia
LVL 14

Accepted Solution

Brad Groux earned 2000 total points
ID: 40293478
The Service Provider is generally the destination, while the Identity Provider is generally the source. The security token passes information back and forth between the two based upon the partner relationship. SAML utilizes Kerberos tokens, so the security constraints of the token are no different than authentication steps within an Active Directory environment - authentication of the token takes the source, time and date and type of request into consideration before granting access.

The complexity of the actual token process is dependent on the partner relationship and apps in use.

Author Comment

by:Anthony Lucia
ID: 40293810
Yes, I do understand most of that, but what about the Service Provider "Component" module that you download from Shibbolieth.  Does that perform token validation for the actual SP ?

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

826 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question