Architecturally speaking, why might an organization deploy a SAML-based Web SSO solution if
they already have a cookie-based Web SSO in place and working?
A. SAML generally performs better and requires less network overhead.
B. SAML supports federation across cookie domains.
C. SAML is required for Web Service security, which makes it a natural replacement for cookie-based SSO solutions.
D. SAML is immune to man-in-the-middle attacks.
Explanation:
SSO solutions deployed for a localized domain often exchange state information
in a browser cookie. These implementations are limited to the scope of the DNS
domain, as cookies are not visible across domains. SAML offers alternative
solutions that do not have this limitation.
Reference: Oracle Reference Architecture, Security, Release 3.1