他社連携機能では、SAML V2.0で定められているプロファイルの中で、以下のメッセージフローとバインディング手法を利用することができます。
プロファイル名 | メッセージフローとバインディング手法 | 利用の可否 |
|---|---|---|
Web Browser SSO | SP 先行型:POST->POST Binding | × |
SP 先行型:Redirect->POST Binding | ○ | |
SP 先行型:Artifact->POST Binding | × | |
SP 先行型:POST->Artifact Binding | × | |
SP 先行型:Redirect->Artifact Binding | ○ | |
SP 先行型:Artifact->Artifact Binding | × | |
IdP先行型:POST Binding | × | |
IdP先行型:Artifact Binding | × | |
Enhanced Client and Proxy | ECP->SP | × |
SP->ECP->IdP | × | |
IdP->ECP->SP | × | |
SP->ECP | × | |
Identity Provider Discovery | Cookie Getter | ○ |
Cookie Setter | ○ | |
Single Logout | SP先行型:Redirect Binding | ○ |
SP先行型:POST Binding | × | |
SP先行型:Artifact Binding | × | |
SP先行型:SOAP Binding | × | |
IdP先行型:Redirect Binding | ○ | |
IdP先行型:POST Binding | × | |
IdP先行型:Artifact Binding | × | |
IdP先行型:SOAP Binding | × | |
Name Identifier Management | 要求:Redirect Binding | × |
要求:POST Binding | × | |
要求:Artifact Binding | × | |
要求:SOAP Binding | × | |
応答:Redirect Binding | × | |
応答:POST Binding | × | |
応答:Artifact Binding | × | |
応答:SOAP Binding | × | |
Artifact Resolution | Artifact:Redirect Binding | ○ |
Artifact:POST Binding | × | |
要求:SOAP Binding | ○ | |
応答:SOAP Binding | ○ | |
Assertion Query/Request | アサーション識別子問い合わせ | × |
認証問い合わせ | × | |
属性問い合わせ | × | |
認可決定問い合わせ | × | |
Name Identifier Mapping | 要求:SOAP Binding | × |
応答:SOAP Binding | × | |
SAML Attribute | Basic Attribute Profile | × |
X.500/LDAP Attribute Profile | × | |
UUID Attribute Profile | × | |
DCE PAC Attribute Profile | × | |
XACML Attribute Profile | × |
○:利用可能
×:利用不可
SAML V2.0の詳細については、OASISで公開されている「Security Assertion Markup Language (SAML) V2.0」を参照してください。
