---
schema-version: v1.2.8
id: OASISSAML2KrbSSO-CS01
title:
  - content: SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0
    language:
      - en
    script:
      - Latn
    format: text/plain
    type: main
link:
  - content: http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.html
    type: src
  - content: http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.pdf
    type: pdf
  - content: http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.odt
    type: odt
type: standard
docid:
  - id: OASIS SAML2KrbSSO-CS01
    type: OASIS
    primary: true
docnumber: SAML2KrbSSO-CS01
date:
  - type: issued
    value: '2012-02-07'
contributor:
  - organization:
      name:
        - content: OASIS
      contact:
        - uri: https://www.oasis-open.org/
    role:
      - description:
          - content: Standards Development Organization
        type: authorizer
      - type: publisher
  - organization:
      name:
        - content: Security Services (SAML) TC
      contact:
        - uri: https://www.oasis-open.org/committees/security/
    role:
      - description:
          - content: Committee
        type: authorizer
  - person:
      name:
        given:
          forename:
            - content: Thomas
              language:
                - en
              script:
                - Latn
        surname:
          content: Hardjono
          language:
            - en
          script:
            - Latn
      affiliation:
        - organization:
            name:
              - content: M.I.T.
            contact:
              - uri: http://www.mit.edu/
      contact:
        - email: hardjono@mit.edu
    role:
      - description:
          - content: Chair
        type: editor
  - person:
      name:
        given:
          forename:
            - content: Nathan
              language:
                - en
              script:
                - Latn
        surname:
          content: Klingenstein
          language:
            - en
          script:
            - Latn
      affiliation:
        - organization:
            name:
              - content: Internet2
            contact:
              - uri: http://www.internet2.edu/
      contact:
        - email: ndk@internet2.edu
    role:
      - description:
          - content: Chair
        type: editor
language:
  - en
script:
  - Latn
abstract:
  - content: >-
      Allows for transport of assertions using the Kerberos subject confirmation
      method by standard HTTP user agents with no modification of client software
      and maximum compatibility with existing deployments. The flow is similar to
      standard Web Browser SSO, but a Kerberos AP-REQ message is presented by the
      user agent via the HTTP Negotiate authentication scheme and the Kerberos
      GSS-API mechanism. The presentation of a valid Kerberos AP-REQ message whose
      client principal name matches the principal name given in the subject
      confirmation strengthens the assurance of the resulting authentication
      context and protects against credential theft.
    language:
      - en
    script:
      - Latn
    format: text/plain
doctype:
  type: specification
editorialgroup:
  - name: Security Services (SAML) TC
ext:
  schema-version: v1.0.1
  technology_area:
    - Security