[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Questions related to ECP profile
> In another place it says "An <AuthnRequest> element in the SOAP body, > intended for the ultimate SOAP recipient, the identity provider" (line #771 > of document "saml-profile-2.0-os). It also says "the <AuthnRequest> element > may itself be signed by the service provider"(line #796 of document > "saml-profile-2.0-os). This means the <AuthnRequest> is prepared for a > specific IDP. No, it doesn't mean that. However, in scenarios where the signing key depends on the IdP, then you're right, this doesn't work. There's nothing we can do about that. AuthnRequests may be signed, but they don't have to be. In general, if you don't know the IdP, signing may not be possible. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]