saml-dev message

Subject: Re: [saml-dev] Common fields/attributes in Auth Response and Assertion

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Vasu Y <vyal2k@yahoo.com>, "saml-dev@lists.oasis-open.org" <saml-dev@lists.oasis-open.org>
Date: Mon, 7 Apr 2014 18:37:46 +0000

On 4/7/14, 1:51 PM, "Vasu Y" <vyal2k@yahoo.com> wrote:

>In that case, for the common fields, is it enough if ones validates the
>field/attribute contained in Assertion? For instance, If i make sure that
>SubjectConfirmationData's InResponseTo matches AuthnRequest's ID and
>ignore (do not validate) Response's InResponseTo.

My answer to any such question is that the minute you start asking "do I
have to do X?", you should stop writing altogether.

If you have to ask, you don't know enough to ignore anything.

>For a Web SSO Profile, what could be likely scenario when one of the
>common field's value be different (between Response & Assertion)?

That depends on the common field, but I'm not spending any time analyzing
the matter.

-- Scott

References:
- Common fields/attributes in Auth Response and Assertion
  - From: Vasu Y <vyal2k@yahoo.com>
- Re: [saml-dev] Common fields/attributes in Auth Response and Assertion
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- Re: [saml-dev] Common fields/attributes in Auth Response and Assertion
  - From: Vasu Y <vyal2k@yahoo.com>