saml-dev message

Subject: how to verify the sender of a SAML authn request

From: Mitu Singh <mitusingh27@yahoo.com>
To: "saml-dev@lists.oasis-open.org" <saml-dev@lists.oasis-open.org>
Date: Thu, 1 Aug 2013 14:44:41 -0700 (PDT)

Hello,

I have a question regarding the SAML Authentication Request. When an IDP receives a SAML authentiocation request, how can they validate the sender of the request? The issuer name, provider name, AssertionConsumerServiceURL and the signature are all optional. If none of these are in the request, how can the sender of the request be validated?

Thanks

-Mitu

Follow-Ups:
- Re: [saml-dev] how to verify the sender of a SAML authn request
  - From: "Cantor, Scott" <cantor.2@osu.edu>