OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [saml-dev] Is a separate "ArtifactReceiver" required?

Dear experts,

the "Bindings and Profiles" specification descibes the Web Browser SSO Profile of SAML.

In (Step 2), the user browser is directed from the source site to the destination site. 

The question is: What is the scope of the word "must" in the sentence: "The HTTP response MUST take the form".
Does it only cover the grey shaded box or does it also cover the parts that describe the form of <SAMLSearchpart>???

My point is this: 

Is it legal that the InterSiteTransfer service redirects the user browser directly to for example


(assuming that the used servlet container is capable of inspecting every URL request incoming).

Taking the chapter by the heart the <SAMLSerchpart> "must" have the form TARGET=....&SAMLart=....
and thus MUST have a TARGET parameter.

But sending a request like 


looks odd.

Juergen Kremp

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC