Subject: supporting the AuthnRequest protocol
As you know, the SAML2 Web Browser SSO Profile calls out the use of the AuthnRequest protocol to support SP-initiated SSO [SAML2Prof, section 4.1.4]. It also permits IdP-initiated SSO [SAML2Prof, section 4.1.5]. That is all well and good.

In metadata, however, the schema requires at least one SingleSignOnService endpoint in every IDPSSODescriptor. That's unfortunate since it forces every IdP (that relies on metadata) to support SP-initiated SSO. An IdP that wishes to support IdP-initiated SSO only is out of luck, at least in terms of metadata. I would call that a bug (in the metadata schema). What do others think?

Tom