OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Query on an optional(?) element in SAMLResponse

Hello,

  We  had a long discussion internally and decided we'll send AuthnContextClassRef optionally in our SAMLResponse. 
  We'll be  a SAML 2.0 IdP supporting only web-browser SSO (supporting HTTP-Redirect at our end and post binding for SP).

  My reading of Oasis core tells me that AuthnContextClassRef is optional, Is this correct?

<AuthnStatement>
 -----
 <AuthnInstant> required
    <SessionIndex> optional
   <SessionNotOnOrAfter> optional
   <SubjectLocality optional 
      <adddress> optional  
      <DNSName> optional
  <AuthnContext> required
    <AuthnContextClassRef> optional
    <AuthnContextDecl> optional
    <AuthenticatingAuthority> zero or more

 

But have been advised by actual implementors that we should send it always. (http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2009-September/002456.html
Thanks to Benjamin of Lasso for answering all my questions)

What are your comments?

Thanks in advance.

--Bhaskar.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]