SAML implementation limitations
SDL Tridion Sites imposes certain limitations on a SAML implementation.
The limitations are:
- SAML 2.0 works only with the browser-based clients (Content Manager Explorer and Experience Manager). It does not work with the desktop clients (Template Builder and Content Porter) or with APIs. Such clients require another authentication method.
- SDL Tridion Sites requires an IdP that supports HTTP POST bindings.
- SDL Tridion Sites strongly recommends that the returned SAML token be signed, so that the token cannot be tampered with undetected.
- SDL Tridion Sites sends an unsigned authentication request to the IdP.
- As a consequence of the previous limitation, SDL Tridion Sites does not support single logout.
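
For the recommendation above that the returned SAML token be signed, the following added example (not SDL Tridion Sites code) audits a Base64 `SAMLResponse` form value, as delivered over the HTTP POST binding, and reports whether the Response and each Assertion carry a signature element that references their own ID. The function names and the sample message are constructed for illustration; this is a structural check and does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def has_own_signature(elem):
    """True if elem has a direct-child ds:Signature that references elem's own ID."""
    sig = elem.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    elem_id = elem.get("ID")
    return bool(elem_id) and ref is not None and ref.get("URI") == "#" + elem_id

def audit_saml_response(form_value):
    """Structural audit of a POST-binding SAMLResponse; no cryptographic verification."""
    xml = base64.b64decode("".join(form_value.split()), validate=True)
    # SAML messages never need a DTD; refuse one rather than let the parser expand entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": has_own_signature(root),
        "assertions": len(assertions),
        "assertions_signed": sum(has_own_signature(a) for a in assertions),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def sample_response(sign_assertion):
    """Constructed sample message; the signature value is a placeholder, not a real one."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#_a1"/>'
           '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
           '</ds:Signature>' % NS["ds"])
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
           '<saml:Assertion ID="_a1" Version="2.0">%s<saml:Subject/></saml:Assertion>'
           '</samlp:Response>' % (NS["samlp"], NS["saml"], sig if sign_assertion else ""))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, audit_saml_response(sample_response(signed)))
```

A result with `response_signed` false and `assertions_signed` lower than `assertions` means the IdP is returning unsigned content and its signing configuration should be reviewed.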