OASIS Mailing List Archives

saml-dev message



Subject: supporting the AuthnRequest protocol


As you know, the SAML2 Web Browser SSO Profile calls out the use of
the AuthnRequest protocol to support SP-initiated SSO [SAML2Prof,
section 4.1.4]. It also permits IdP-initiated SSO [SAML2Prof, section
4.1.5]. That is all well and good.

In metadata, however, the schema requires at least one
SingleSignOnService endpoint in every IDPSSODescriptor. That's
unfortunate since it forces every IdP (that relies on metadata) to
support SP-initiated SSO. An IdP that wishes to support IdP-initiated
SSO only is out of luck, at least in terms of metadata.

I would call that a bug (in the metadata schema). What do others think?

Tom
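
The constraint discussed in the message above, as an added example that is not part of the original post: a Python check that flags every IDPSSODescriptor with no SingleSignOnService element, which is the case a schema-validating metadata consumer rejects. The metadata document, entity IDs, URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# Constructed sample: idp-a publishes an SSO endpoint, idp-b (IdP-initiated
# only) publishes none. Entity IDs and URLs are made up.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp-a.example.org/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def audit_idp_descriptors(metadata_xml):
    """Map each IdP entityID to its list of (Binding, Location) SSO endpoints."""
    # Inline, trusted sample only; metadata fetched from elsewhere should go
    # through a hardened XML parser and signature verification first.
    root = ET.fromstring(metadata_xml)
    report = {}
    # iter() also matches the root, so a lone EntityDescriptor works too.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for idp in entity.findall("md:IDPSSODescriptor", NS):
            endpoints = [(e.get("Binding"), e.get("Location"))
                         for e in idp.findall("md:SingleSignOnService", NS)]
            report.setdefault(entity.get("entityID"), []).extend(endpoints)
    return report


def schema_violations(metadata_xml):
    """Entity IDs whose IdP role has zero SingleSignOnService endpoints."""
    report = audit_idp_descriptors(metadata_xml)
    return sorted(eid for eid, endpoints in report.items() if not endpoints)


if __name__ == "__main__":
    print(schema_violations(SAMPLE_METADATA))
```
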

