[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] ECP profile question
> Regarding the ECP SSO profile - I'm a bit confused about the > usage of the responseConsumerURL attribute in the PAOS header > sent from SP to ECP and the AssertionConsumerServiceURL > attribute in the ECP response header sent from the IdP to the > ECP. I've included the relevant sections (that I could > find) of the profiles spec below. You forgot the errata. ;-) > As I understand it, the ECP sends a message to the SP at the > location specified in the responseConsumerURL _only_ in event > that there is some error condition. Otherwise the value of > the responseConsumerURL attribute is used only for the ECP to > confirm the value of the AssertionConsumerServiceURL it got > from the IdP by comparing the two. And the value of the > AssertionConsumerServiceURL is where the ECP will deliver the > SSO response. > > Do I have that correct? Yep. > Am I missing something here? Was this just an oversight (and > perhaps errata item) or were these values intentionally set > that way in the example? It's already in errata, I believe. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]