CompTIA Security+ Exam Practice: SAML Authentication for Secure Web Portal

Understanding SAML Authentication for Secure Web Portal


Question

A company has three divisions, each with its own networks and services.

The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords.

The security administrator has elected to use SAML to support authentication.

In this scenario, which of the following will occur when users try to authenticate to the portal? (Choose two.)

Answers

Correct answers: A and D.

Explanations

In this scenario, the company has three divisions, each with its own networks and services. The company wants to make its secure web portal accessible to all employees using their existing usernames and passwords. The security administrator decides to use Security Assertion Markup Language (SAML) to support authentication.

SAML is an XML-based standard used to exchange authentication and authorization data between parties, in particular between an identity provider (IdP), which authenticates the user, and a service provider (SP), which relies on the IdP's signed assertion instead of checking credentials itself. In this scenario the web portal is the SP, and each division's back-end network (the directory that already holds that division's usernames and passwords) is an IdP that the portal trusts.

Answer options:

A. The portal will function as a service provider and request an authentication assertion.
B. The portal will function as an identity provider and issue an authentication assertion.
C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.
E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.
F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

Answer A is correct. The web portal functions as the service provider. When a user without a session arrives, the portal redirects the browser to the identity provider of that user's division with an authentication request (AuthnRequest), asking it to authenticate the user and return an authentication assertion. The division's IdP checks the username and password against its own directory. The signed assertion it sends back carries the subject identifier (NameID), an authentication statement (when and how the user authenticated), validity conditions and, optionally, attributes such as group memberships; it does not carry the password. The portal verifies the IdP's signature, the audience, the validity window and that the assertion answers its own request, and then establishes the session on the strength of that assertion rather than re-checking credentials.

Answer B is incorrect. The web portal will not function as an identity provider and issue an authentication assertion. The back-end networks will act as the identity providers in this scenario.

Answer C is incorrect. Authentication tickets and transitive trust between realms describe a Kerberos model, not SAML. The portal does not contact every network; it sends a single authentication request to the IdP of the user's own division and receives a signed assertion in return.

Answer D is correct. Each division's back-end network functions as an identity provider: it authenticates the user against the credentials it already holds and issues a signed authentication assertion to the portal. This is what lets employees keep their existing usernames and passwords without the portal ever storing or seeing them.

Answer E is incorrect. The back-end networks will not request authentication tickets from the portal. Instead, the portal will request an authentication assertion from the back-end network, which is the identity provider.

Answer F is incorrect. This reverses the direction of trust. The portal does not issue tokens for the back-end networks to verify; the back-end network (the IdP) issues the signed assertion, and the portal (the SP) verifies it before granting access.

In summary, when users try to authenticate to the web portal, the portal functions as a service provider and requests an authentication assertion from the user's division, whose back-end network functions as the identity provider. The assertion identifies the user and states how and when the IdP authenticated them; the portal verifies the IdP's signature and the assertion's conditions and grants access on that basis. The user's password never leaves the division that owns it.
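The exchange described above, as an added example that is not part of the original question or its explanation: one service provider (the portal) and three identity providers (one per division), with both sides' messages and every check the SP must make before trusting an assertion. The hostnames and keys are constructed for the example, and an HMAC-SHA256 over the serialized assertion stands in for the RSA XML signature a real IdP would apply, so it runs with the Python standard library alone.

```python
"""Toy SAML 2.0 SSO exchange: the portal is the SP, each division runs an IdP.
Hostnames and keys are constructed for this example; HMAC-SHA256 over the
serialized assertion stands in for XML-DSig so only the stdlib is needed."""
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS_P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_A = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", NS_P)
ET.register_namespace("saml", NS_A)
TS = "%Y-%m-%dT%H:%M:%SZ"

SP_ENTITY_ID = "https://portal.example.com/saml/metadata"  # assumed SP entityID
ACS_URL = "https://portal.example.com/saml/acs"            # assumed SP ACS endpoint

# One IdP per division. A real SP holds each IdP's X.509 signing certificate
# from its metadata; a random secret per IdP stands in for that here.
IDP_KEYS = {
    "https://idp.division-a.example.com": secrets.token_bytes(32),
    "https://idp.division-b.example.com": secrets.token_bytes(32),
    "https://idp.division-c.example.com": secrets.token_bytes(32),
}


def utc_now(offset_minutes=0):
    return datetime.now(timezone.utc) + timedelta(minutes=offset_minutes)


def _parse_ts(s):
    return datetime.strptime(s, TS).replace(tzinfo=timezone.utc)


def _q(path):
    """Expand 'saml:Subject/saml:NameID' into ElementTree's {ns}tag notation."""
    return path.replace("saml:", f"{{{NS_A}}}").replace("samlp:", f"{{{NS_P}}}")


def sp_build_authn_request(idp_entity_id):
    """SP (portal): AuthnRequest for the user's division IdP.
    Returns (request ID to remember for the InResponseTo check, XML bytes)."""
    req_id = "_" + secrets.token_hex(16)
    req = ET.Element(_q("samlp:AuthnRequest"), {
        "ID": req_id, "Version": "2.0", "IssueInstant": utc_now().strftime(TS),
        "Destination": idp_entity_id + "/sso", "AssertionConsumerServiceURL": ACS_URL})
    ET.SubElement(req, _q("saml:Issuer")).text = SP_ENTITY_ID
    return req_id, ET.tostring(req)


def idp_issue_response(idp_entity_id, authn_request_xml, username):
    """IdP (division): after verifying the password against its OWN directory
    (not shown), issue a signed assertion. The password is never included."""
    req = ET.fromstring(authn_request_xml)
    now = utc_now()
    a = ET.Element(_q("saml:Assertion"), {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": now.strftime(TS)})
    ET.SubElement(a, _q("saml:Issuer")).text = idp_entity_id
    subj = ET.SubElement(a, _q("saml:Subject"))
    ET.SubElement(subj, _q("saml:NameID")).text = username
    sc = ET.SubElement(subj, _q("saml:SubjectConfirmation"),
                       {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    ET.SubElement(sc, _q("saml:SubjectConfirmationData"), {
        "InResponseTo": req.get("ID"), "Recipient": req.get("AssertionConsumerServiceURL"),
        "NotOnOrAfter": (now + timedelta(minutes=5)).strftime(TS)})
    cond = ET.SubElement(a, _q("saml:Conditions"), {
        "NotBefore": (now - timedelta(minutes=1)).strftime(TS),
        "NotOnOrAfter": (now + timedelta(minutes=5)).strftime(TS)})
    ET.SubElement(ET.SubElement(cond, _q("saml:AudienceRestriction")),
                  _q("saml:Audience")).text = req.findtext(_q("saml:Issuer"))
    stmt = ET.SubElement(a, _q("saml:AuthnStatement"), {"AuthnInstant": now.strftime(TS)})
    ET.SubElement(ET.SubElement(stmt, _q("saml:AuthnContext")), _q("saml:AuthnContextClassRef")
                  ).text = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    body = ET.tostring(a)
    return {"assertion": body,
            "signature": hmac.new(IDP_KEYS[idp_entity_id], body, hashlib.sha256).hexdigest()}


def sp_validate_response(response, expected_request_id, now=None):
    """SP (portal): checks that must pass before the assertion is trusted.
    Returns the authenticated NameID; raises ValueError on any failure."""
    now = now or utc_now()
    body = response["assertion"]
    a = ET.fromstring(body)
    issuer = a.findtext(_q("saml:Issuer"))
    if issuer not in IDP_KEYS:                       # 1. only the three division IdPs
        raise ValueError("untrusted issuer")
    expected = hmac.new(IDP_KEYS[issuer], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["signature"]):   # 2. IdP signature
        raise ValueError("bad signature")
    if a.findtext(_q("saml:Conditions/saml:AudienceRestriction/saml:Audience")) != SP_ENTITY_ID:
        raise ValueError("wrong audience")           # 3. assertion addressed to this SP
    cond = a.find(_q("saml:Conditions"))
    if not (_parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion expired or not yet valid")   # 4. validity window
    scd = a.find(_q("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"))
    if scd is None or scd.get("InResponseTo") != expected_request_id or scd.get("Recipient") != ACS_URL:
        raise ValueError("InResponseTo/Recipient mismatch")       # 5. answers OUR request
    return a.findtext(_q("saml:Subject/saml:NameID"))


def assertion_element_names(response):
    """Local names of every element in the assertion (shows no Password element exists)."""
    return {el.tag.split("}")[1] for el in ET.fromstring(response["assertion"]).iter()}


def run_sso(idp_entity_id, username):
    """Full happy path: SP request -> IdP assertion -> SP validation."""
    req_id, req_xml = sp_build_authn_request(idp_entity_id)
    response = idp_issue_response(idp_entity_id, req_xml, username)
    return req_id, response, sp_validate_response(response, req_id)


if __name__ == "__main__":
    for idp in IDP_KEYS:
        print(idp, "->", run_sso(idp, "alice")[2])
```

A production SP would use an XML-DSig-aware library such as python3-saml rather than hand-rolling these steps; the point here is which side does what and which checks (issuer trust, signature, audience, validity window, InResponseTo and Recipient) stand between a received assertion and a portal session.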