Is it possible to establish SSO between two different vendors when each of them uses a different version of SAML? VendorA uses SAML 1.0 and VendorB uses SAML 2.0. Can we have an intermediary that interprets the assertions based on the SAML version?

+1  A: 

I suppose you could build an intermediary that takes the SAML request from one vendor, authenticates it, reads through the assertions and then builds an entirely new SAML request using the correct version that it sends to the next vendor. But that seems like it would be a significant challenge. The problem here is that you can't just re-build a SAML request from one version to the other - doing so will invalidate the signature of the original request.

John Christensen
+2  A: 

You could probably use OpenSSO to consume the SAML 1.0 assertion and create a SAML 2.0 one, or vice versa. I've done similar protocol transitions with OpenSSO in the past. OpenSSO would trust VendorA and VendorB would trust OpenSSO.

metadaddy
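The re-issuing intermediary both answers describe, sketched as an added example (not code from either poster and not OpenSSO's implementation): it accepts a SAML 1.0 assertion only from a trusted issuer and inside its validity window, then builds a new SAML 2.0 assertion under the gateway's own issuer name. The issuer URLs, the sample assertion and the function names are assumptions; XML-DSig verification and signing are assumed to be done by a dedicated library, and `c14n_digest` is a simplified stand-in for the signature digest that shows why the original signature cannot carry over.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

S1 = "{urn:oasis:names:tc:SAML:1.0:assertion}"
S2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SAML 1.0 assertion; its ds:Signature is omitted and assumed
# to have been verified with an XML-DSig library before translate() runs.
SAML1 = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
 MajorVersion="1" MinorVersion="0" AssertionID="_a1"
 Issuer="https://idp.vendor-a.example" IssueInstant="2030-01-01T00:00:00Z">
 <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z"/>
 <saml:AttributeStatement>
  <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
  <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
   <saml:AttributeValue>admin</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def translate(saml1_xml, gateway_issuer, trusted_issuers, now):
    """Re-issue a verified SAML 1.x assertion as an unsigned SAML 2.0 one."""
    a1 = ET.fromstring(saml1_xml)
    if a1.get("MajorVersion") != "1" or a1.get("Issuer") not in trusted_issuers:
        raise ValueError("not a SAML 1.x assertion from a trusted issuer")
    cond = a1.find(S1 + "Conditions")
    if cond is None or not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    a2 = ET.Element(f"{{{S2}}}Assertion", Version="2.0", ID="_" + secrets.token_hex(16),
                    IssueInstant=now.strftime("%Y-%m-%dT%H:%M:%SZ"))
    ET.SubElement(a2, f"{{{S2}}}Issuer").text = gateway_issuer  # the gateway vouches now
    subj = ET.SubElement(a2, f"{{{S2}}}Subject")
    ET.SubElement(subj, f"{{{S2}}}NameID").text = a1.find(f".//{S1}NameIdentifier").text
    ET.SubElement(a2, f"{{{S2}}}Conditions", dict(cond.attrib))  # keep the original window
    stmt = ET.SubElement(a2, f"{{{S2}}}AttributeStatement")
    for attr in a1.iter(S1 + "Attribute"):
        new = ET.SubElement(stmt, f"{{{S2}}}Attribute", Name=attr.get("AttributeName"))
        for val in attr.iter(S1 + "AttributeValue"):
            ET.SubElement(new, f"{{{S2}}}AttributeValue").text = val.text
    return a2  # must be signed with the gateway's own key before it is sent on

def c14n_digest(xml_text):
    """SHA-256 over canonical XML, standing in for the XML-DSig digest step."""
    return hashlib.sha256(ET.canonicalize(xml_text).encode()).hexdigest()
```

Because the digest of the translated assertion differs from the original's, VendorB can only validate a signature made by the gateway, which is the trust chain described in the second answer.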