Subject: returning multiple IdP entityIDs to the SP
In section 2.4 of the "Identity Provider Discovery Service Protocol and Profile," it says "The discovery service interacts with the principal via the user agent to establish one or more suitable identity providers" and "The discovery service redirects the user agent back to the service provider with the selected identity provider(s)," which suggests that multiple IdP entityIDs may be discovered.

Then in section 2.4.2 it says: "The discovery service MAY rely on saved state, such as HTTP cookies, to determine the appropriate identity provider. If a single cookie is used, it SHOULD conform to the name and format specified by the Identity Provider Discovery Profile in section 4.3 of [SAML2Prof]." which also suggests that multiple IdP entityIDs may be stored.

In section 2.4.3, however, it suggests that the value of the entityID parameter is a single IdP entityID. Is this true? Is the intent of the protocol/profile to return a single IdP entityID to the SP? If so, why?

Tom
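The contrast raised in the message, as an added example that is not part of the original post or of either specification: the `_saml_idp` cookie from [SAML2Prof] section 4.3 holds a list of entityIDs, while the redirect back to the SP carries one `entityID` value. The function names, the `known_idps` allow-list, the example.org URLs and the policy of picking the most recently stored known IdP are assumptions of this sketch.

```python
import base64
from urllib.parse import quote, unquote, urlencode, urlsplit, urlunsplit, parse_qsl

COOKIE_NAME = "_saml_idp"  # cookie name from [SAML2Prof] section 4.3


def decode_idp_cookie(value):
    """Return the entityIDs held in a _saml_idp cookie value, oldest first.

    The value is a URL-encoded, space-separated list of base64-encoded
    entityIDs; the most recently used IdP is last in the list.
    """
    entity_ids = []
    for token in unquote(value).split(" "):
        if not token:
            continue
        try:
            entity_ids.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:  # covers bad base64 and bad UTF-8
            continue  # the cookie is client-supplied: skip malformed entries
    return entity_ids


def encode_idp_cookie(entity_ids):
    """Inverse of decode_idp_cookie, used here to build constructed sample data."""
    tokens = [base64.b64encode(e.encode("utf-8")).decode("ascii") for e in entity_ids]
    return quote(" ".join(tokens), safe="")


def build_discovery_response(return_url, entity_ids, known_idps, return_id_param="entityID"):
    """Build the redirect to the SP carrying a single entityID value.

    Assumption of this example: choose the most recent cookie entry that also
    appears in known_idps (IdPs the discovery service has metadata for); if
    none qualifies, return the URL without the parameter.
    """
    chosen = next((e for e in reversed(entity_ids) if e in known_idps), None)
    parts = urlsplit(return_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    if chosen is not None:
        query.append((return_id_param, chosen))
    return urlunsplit(parts._replace(query=urlencode(query))), chosen


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    stored = ["https://idp-a.example.org/idp", "https://idp-b.example.org/idp"]
    cookie = encode_idp_cookie(stored)
    url, chosen = build_discovery_response(
        "https://sp.example.org/sp/login?target=abc", decode_idp_cookie(cookie), set(stored))
    print(COOKIE_NAME, "=", cookie)
    print(url)
```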