OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] ECP profile question


> Regarding the ECP SSO profile - I'm a bit confused about the 
> usage of the responseConsumerURL attribute in the PAOS header 
> sent from SP to ECP and the AssertionConsumerServiceURL 
> attribute in the ECP response header sent from the IdP to the 
> ECP.   I've included the relevant sections (that I could 
> find) of the profiles spec below.

You forgot the errata. ;-)

> As I understand it, the ECP sends a message to the SP at the 
> location specified in the responseConsumerURL _only_ in event 
> that there is some error condition.  Otherwise the value of 
> the responseConsumerURL attribute is used only for the ECP to 
> confirm the value of the AssertionConsumerServiceURL it got 
> from the IdP by comparing the two.  And the value of the 
> AssertionConsumerServiceURL is where the ECP will deliver the 
> SSO response.  
> 
> Do I have that correct?

Yep.

> Am I missing something here?  Was this just an oversight (and 
> perhaps errata item) or were these values intentionally set 
> that way in the example?  

It's already in errata, I believe.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]