Subject: FORM POST profile. Was: draft-sstc-bindings-05
Prateek,
It was nice to see the POST profile included in the bindings draft-05.

However, the "JavaScript security issue" can be made much less of a choice by actually letting the user's browser do the "decision".

If JavaScript-based solutions must be as appendices, the following code belongs there:
<HTML>
<BODY BGCOLOR="#FFFFFF" >
<FORM METHOD="POST" ACTION="Destination-URL">
  <NOSCRIPT>
    <CENTER><H2>Your browser is JavaScript-disabled!</H2>
    <H3>Click on the button below to manually continue the login</H3>
    <INPUT TYPE="SUBMIT" VALUE="Continue"></CENTER>
  </NOSCRIPT>
  <INPUT TYPE="HIDDEN" NAME="SAMLAssertion" VALUE="Assertion in Base64-coding">
</FORM>
</BODY>
</HTML>

Only to please (?) you we have added this fallback code to our SAML-inspired Purple demo so you can try with or without JavaScript enabled in your browser.

Note: Don't try to run the "seller" app as it does not perform as expected without JavaScript. Only authentication works.
My referred-to document has been updated accordingly:
Regards
Anders
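
Added example, not part of the original message or of the Purple demo: a server-side sketch that renders the FORM POST page above with both paths, attribute-escaping the values and refusing non-https destinations. The names renderPostForm and escapeAttr and the onload auto-submit are assumptions; the message's code shows only the NOSCRIPT fallback.

```javascript
// Added example (hypothetical helper names). Renders the FORM POST page:
// script-enabled browsers auto-submit, others get the NOSCRIPT button.

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function renderPostForm(destinationUrl, assertionXml) {
  // Only post the assertion to an absolute https destination;
  // new URL() throws on malformed input, and schemes such as
  // http: or javascript: are rejected explicitly.
  const url = new URL(destinationUrl);
  if (url.protocol !== "https:") {
    throw new Error("destination must be an https URL");
  }
  // The hidden field carries the assertion in Base64, as in the message.
  const assertionB64 = Buffer.from(assertionXml, "utf8").toString("base64");
  return [
    "<HTML>",
    // Assumed script path: submit the form as soon as the page loads.
    '<BODY BGCOLOR="#FFFFFF" onload="document.forms[0].submit()">',
    `<FORM METHOD="POST" ACTION="${escapeAttr(url.href)}">`,
    "<NOSCRIPT>",
    "<CENTER><H2>Your browser is JavaScript-disabled!</H2>",
    "<H3>Click on the button below to manually continue the login</H3>",
    '<INPUT TYPE="SUBMIT" VALUE="Continue"></CENTER>',
    "</NOSCRIPT>",
    `<INPUT TYPE="HIDDEN" NAME="SAMLAssertion" VALUE="${escapeAttr(assertionB64)}">`,
    "</FORM>",
    "</BODY>",
    "</HTML>",
  ].join("\n");
}
```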