[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Web SSO <AuthnRequest> conformance
Scott, no, just HTTP Redirect. Using HTTP Post is not best alternative, as the IDP site is typically a "protected" site that may require the user to provide their credentials. If HTTP Post is used, the caching of the <AuthnRequest> at the IDP site (while the user authenticates) adds additional work/overhead. Versus using HTTP Artifact. Tom. -----Original Message----- From: Scott Cantor [mailto:cantor.2@osu.edu] Sent: Tuesday, October 26, 2004 1:57 PM To: 'Thomas Wisniewski'; security-services@lists.oasis-open.org Subject: RE: [security-services] Web SSO <AuthnRequest> conformance > Recognizing the size restrictions for redirects (I think it's > around 2k for IE), since HTTP redirect is the only binding > required, a conformant implementation CANNOT handle authn > requests that are greater than 2k. I believe POST is also required. Am I wrong? > Was the reasoning based on > the chance that authn requests (which would be b64 encoded > and then url encoded), would not reach this size? My assumption was we required POST to handle that case. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]