[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Common fields/attributes in Auth Response and Assertion
On 4/7/14, 1:51 PM, "Vasu Y" <vyal2k@yahoo.com> wrote: >In that case, for the common fields, is it enough if ones validates the >field/attribute contained in Assertion? For instance, If i make sure that >SubjectConfirmationData's InResponseTo matches AuthnRequest's ID and >ignore (do not validate) Response's InResponseTo. My answer to any such question is that the minute you start asking "do I have to do X?", you should stop writing altogether. If you have to ask, you don't know enough to ignore anything. >For a Web SSO Profile, what could be likely scenario when one of the >common field's value be different (between Response & Assertion)? That depends on the common field, but I'm not spending any time analyzing the matter. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]