A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication.
In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.)

A. The portal will function as a service provider and request an authentication assertion.
B. The portal will function as an identity provider and issue an authentication assertion.
C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.
E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.
F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.
I think A & D are correct.
User is the “principal”
Portal is the “service provider” (NOT the Identity Provider).
The back end networks each have their own Identity providers, so the back end networks will receive the SAML Request (AuthnRequest), and will return the SAML Assertion (SAMLResponse).
1
2
I was wrong.
D is not correct.
The back-end networks will not function as an IdP.
Also C is wrong.
… I’m still not sure which is correct.
1
1
I think A and B are correct.
A – service provider initiated
The SP creates an Authentication Request and redirects the user to the IdP.
B – IdP initiated
The IdP creates a SAML response (authentication assertion) and then sends it to the service provider.
3
1
I’m not 100% sure on this one.
It is one of these:
— A & B.
— A & F.
C, D, E appear to be false to me.
Anybody have any comments on this?
0
3
The Security Assertion Markup Language (SAML) provides a format for a client and
server to exchange authentication and authorization data securely. SAML defines three
roles for making this happen: principal, identity provider, and service provider. The client
or user is often the principal. The principal wants something from the service provider
(SP), the latter often a Web service of some kind. The identity provider (IdP) contains
information that can assure the SP that the principal is legitimately who he says he
is. Systems using SAML can use any number of methods for authentication, including
passwords and user names.
5
1
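The SP-initiated exchange described in the comments above (a service provider sends an AuthnRequest, an identity provider answers with an assertion, and the service provider checks it), as an added example that is not part of the original thread. Entity IDs, function names and the trimmed, unsigned messages are constructed for illustration; a production SP must also verify the IdP's XML signature.

```python
import base64, zlib
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) for untrusted XML
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = f'xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
SP_ID, IDP_ID = "https://portal.example.com/sp", "https://idp.example.com/idp"  # constructed
TS = "%Y-%m-%dT%H:%M:%SZ"

def sp_build_authn_request(req_id, instant):
    """SP: AuthnRequest as carried by the HTTP-Redirect binding (raw DEFLATE, then base64)."""
    xml = (f'<samlp:AuthnRequest {XMLNS} ID="{req_id}" Version="2.0" '
           f'IssueInstant="{instant}"><saml:Issuer>{SP_ID}</saml:Issuer>'
           f'</samlp:AuthnRequest>')
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def idp_issue_response(saml_request, user, not_before, not_after):
    """IdP: decode the request and issue an assertion for the requesting SP (unsigned here)."""
    req = ET.fromstring(zlib.decompress(base64.b64decode(saml_request), -15))
    req_id, audience = req.get("ID"), req.findtext("saml:Issuer", namespaces=NS)
    return (f'<samlp:Response {XMLNS} InResponseTo="{req_id}" Version="2.0">'
            f'<saml:Assertion><saml:Issuer>{IDP_ID}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')

def sp_check_response(xml_text, expected_req_id, now):
    """SP: return the NameID only if the assertion answers our request and is meant for us."""
    # Signature verification against the IdP certificate must happen before these checks.
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None or root.get("InResponseTo") != expected_req_id:
        raise ValueError("unsolicited or empty response")
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ID:
        raise ValueError("assertion not issued by the trusted IdP")
    cond = a.find("saml:Conditions", NS)
    audiences = [] if cond is None else [e.text for e in cond.iter(f'{{{NS["saml"]}}}Audience')]
    if SP_ID not in audiences:
        raise ValueError("assertion not intended for this SP")
    t0, t1 = (datetime.strptime(cond.get(k, ""), TS).replace(tzinfo=timezone.utc)
              for k in ("NotBefore", "NotOnOrAfter"))
    if not (t0 <= now < t1):
        raise ValueError("assertion outside its validity window")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```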
Sooo the answer is???
1
1
B and C?
0
0
I agree B & C
1
1
I think B and F are correct. I also thought about B & C, but SAML does not work with tickets. B & F sounds logical.
5
0