Enhanced Client or Proxy Profile (ECP)

A specification that extends the Security Assertion Markup Language (SAML) protocol to allow for the exchange of SAML assertions between a client and a proxy server.

In the context of web-based single sign-on (SSO) systems, ECP enables a user's web browser to act as a proxy between a relying party (RP) and an identity provider (IdP). The user's browser can perform authentication with the IdP on behalf of the RP, and then relay the SAML assertion to the RP, which can then grant access to the requested resource.

The ECP profile allows for more flexibility in how SAML assertions are exchanged between the client and proxy server, including the use of different bindings and message formats. This can be particularly useful in scenarios where the client and proxy server are not able to communicate using standard SAML protocols.

ECP is often used in enterprise environments to enable web-based SSO for applications that do not support standard SAML protocols, such as thick-client desktop applications or mobile apps. It is also used in some federated identity systems, such as Shibboleth, as a way to enable SSO between different identity providers and service providers.