OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Questions related to ECP profile

> In another place it says "An <AuthnRequest> element in the SOAP body,
> intended for the ultimate SOAP recipient, the identity provider" (line
#771
> of document "saml-profile-2.0-os). It also says "the <AuthnRequest>
element
> may itself be signed by the service provider"(line #796 of document
> "saml-profile-2.0-os). This means the <AuthnRequest> is prepared for a
> specific IDP. 

No, it doesn't mean that. However, in scenarios where the signing key
depends on the IdP, then you're right, this doesn't work. There's nothing we
can do about that. AuthnRequests may be signed, but they don't have to be.
In general, if you don't know the IdP, signing may not be possible.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]