Preflight in AuthN

This preflight scenario is OLCA Compatible (CableLabs). Section 7.5.2 of the Authentication and Authorization Interface 1.0 Specification, titled “Attribute Statement Within Authentication Assertion”, describes how a SAML authentication response can contain a list of preauthorized resources. If an IdP supports this, the Adobe Pass Authentication server can generate the preflighted resources list at authentication time and cache it on the client along with the Authentication Token. This method also achieves the best-case scenario: no network calls are performed when the Programmer calls checkPreauthorizedResources(), since everything is already on the client.

Custom Resource List in SAML Attribute Statement

The IdP’s SAML authentication response shall include an AttributeStatement containing the resource names that Adobe Pass should authorize. Some MVPDs provide this in the following format:

<saml:AttributeStatement>
  <saml:Attribute Name="authorized_resources">
    <saml:AttributeValue>MMOD</saml:AttributeValue>
    <saml:AttributeValue>Olympics2012</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>

The sample above presents a list containing two preauthorized resources: “MMOD” and “Olympics2012”.

This effectively achieves the best-case scenario: no network calls are performed when the Programmer calls checkPreauthorizedResources(), since everything is already on the client.
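The following is an added example, not Adobe's or any MVPD's code: one way a service could extract the preauthorized resource list from such an assertion before caching it. It assumes the assertion's signature has already been verified, the SAML 2.0 assertion namespace URI, and a resource-ID format and count cap chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 assertion namespace (the page's sample omits the xmlns declaration).
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ATTR_NAME = "authorized_resources"                  # attribute name from the page's sample
RESOURCE_RE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")  # assumed resource-ID format
MAX_RESOURCES = 100                                 # assumed cap on list size

def preauthorized_resources(assertion_xml: str) -> list:
    """Return de-duplicated resource IDs from an already signature-verified assertion."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(assertion_xml)
    resources = []
    # Match on the namespace URI, never on the "saml:" prefix, which the sender chooses.
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") != ATTR_NAME:
            continue  # ignore unrelated attributes
        for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            text = "".join(value.itertext()).strip()
            if not RESOURCE_RE.fullmatch(text):
                raise ValueError(f"malformed resource ID: {text!r}")
            if text not in resources:
                resources.append(text)
    if len(resources) > MAX_RESOURCES:
        raise ValueError("resource list exceeds the configured cap")
    return resources

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="zip_code">
      <saml:AttributeValue>00000</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="authorized_resources">
      <saml:AttributeValue>MMOD</saml:AttributeValue>
      <saml:AttributeValue>Olympics2012</saml:AttributeValue>
      <saml:AttributeValue>MMOD</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(preauthorized_resources(SAMPLE))
```

Because the cached list drives checkPreauthorizedResources() without any further network call, anything accepted here stays trusted for the lifetime of the Authentication Token; the values should come only from the signed portion of the response.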