OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] Question about TARGET

Hi Ignasi,

>>In Browser/POST Profile, the TARGET is trasfered in step 1,2 
>>and 3 is for
>>checking with samlp:Recipient for Contermeasure MITM Attack  

This is not correct. The Browser/POST profile Section (lines
requires the destination site to check the "Recipient" attribute
of the SAML response against the <assertion consumer host name and path>.

>>Why is transfered TARGET in step 1,2 and 3 in  
>>Browser/Artifact Profile of
>>SAML ???

The TARGET name-value pair is used in a uniform fashion in both profiles.
It is always a string (typically a URL) that indicates the object of
at the destination site. The destination site will usually re-direct the
to this URL after validating the transferred assertion.

- prateek

>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC