OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] ECP SSO Profile and Metadata


> Example: 
> - ECP -> SOAP Authn Request with ACS index 1 -> 
> - IDP does not have ACS index 1 for the SP, and the default 
> is an ACS with binding  Artifact. 

At this stage, the IdP is pretty free to bail if it wants. This is actually
called out. The IdP MAY return an error or MAY use the default.

> 2. The protocolBinding value urn:...:PAOS can be used to tell 
> the IDP Single SignOn Service to respond with an ACS whose 
> binding is PAOS. If for some reason there is more than one 
> endpoint for PAOS (non of which are the default) and the ACS 
> Url does not accompany the AuthnRequest, then *one random* 
> endpoint may be used by the IDP.  I assume this is true in 
> general (seems to beg for an isDefault per binding per 
> service indicator in the future).

Maybe, but most people didn't really care about the use case for multiple
endpoints of the same binding. We use it because we don't have a gateway, we
want people deploying SAML in their applications, so we can handle multiple
vhosts combined into one SP. I would guess most people are unlikely to. We
were fine with the semantic of "pick any".

> The main point here is that PAOS should be used as the ACS 
> url binding in metadata. Specificially, if someone was to use 
> "urn:...:SOAP", then the IDPs should be allowed to (a) say 
> SOAP is not supported (i.e., you should have used PAOS as the 
> protocolBinding), or (b) reespond with the standard 
> SOAP-based response (i.e., an SAML Response message wrapped 
> in SOAP -- and NO ecp:Response).

Hmm. I think we just accidentally defined a SOAP profile...oh well. Guess
that was easy.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]