[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AuthnQuery
I noticed the following in the SAML2 core: The <AuthnQuery> message MUST NOT be used as a request for a new authentication using credentials provided in the request I'm curious about the "credentials provided in the request" part. Does this mean user credentials, such as username/password? Could such credentials be sent as part of an <AuthnRequest> message? Would that be frowned upon in general, as a Requester would have to get hold of them in the first place. Alistair
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]