|
After users are initially authenticated and when Rights
Management receives subsequent messages from clients, Rights Management
uses SAML authentication assertions to verify the identity of the
message sender. Security Assertion Markup Language (SAML) authentication
assertions are used for authentication until the assertion expires
or users terminate their session.
When users are initially authenticated by using their user name
and password, Rights Management generates a SAML authentication
assertion. SAML authentication assertions are embedded in the SOAP
header and returned to the client.
Subsequent messages sent to Rights Management have the SAML assertion
in the message header in accordance with the WS-Security standard.
Note: Although SAML assertions are used internally
to provide session management, Rights Management does not support
third-party SAML assertions.
Logging in through Acrobat and other client applicationsWhen
Rights Management authenticates a user through Acrobat or another client
application, such as Microsoft Office, the server returns the SAML
authentication assertion to the client application.
After
logging in through the client application, a SAML assertion provides
SSO for accessing the web application. If the client application
opens the web application, users are authenticated with the assertion
and are not prompted for their user name and password.
|
|
|
