OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AuthnQuery

I noticed the following in the SAML2 core:

The <AuthnQuery> message MUST NOT be used as a request for a new 
authentication using credentials provided in the request

I'm curious about the "credentials provided in the request" part. Does 
this mean user credentials, such as username/password? Could such 
credentials be sent as part of an <AuthnRequest> message?

Would that be frowned upon in general, as a Requester would have to get 
hold of them in the first place.

Alistair

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]