Home/ Questions/Q 8322159
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T23:17:09+00:00

In investigating federated authentication, I’ve been running into a protocol alongside SAML: HTTP-FED. Curiously,

  • 0

In investigating federated authentication, I’ve been running into a protocol alongside SAML: HTTP-FED.

Curiously, I can’t find any technical documentation for this protocol.

What is it? Is it, like I suspect, a claims-based protocol for use with HTTP instead of WS- services?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    HTTP-Fed appears to be a creation of a commercial vendor (Symplified). It has not been ratified by any standards bodies (that I’ve found) which is why you probably can’t find much on it. From what I’ve read on their website, it appears to essentially be a fancy name for credential caching/credential replay across the internet. From their site — http://www.symplified.com/http-federation/

    “… HTTP-FED leverages the existing HTTP login mechanism at the SP.
    The implication of this is that no changes to the SP (destination
    application) are required and no special software is needed by SPs,
    thereby reducing the effort required to federate domains.”

    It’s not a standard so there’s no info on how you’d implement it outside of buying their product. If you’re looking at Web SSO for Cloud Applications, I’d stick with actual standards (SAML, OpenID, OAuth, Open ID Connect) that are designed with security in mind for this type of activity.

    • 0