Subject: Questions about ECP Profile

I have the following questions regarding Enhanced Client and Proxy support.

  1. Are unsolicited responses supported for ECP?  Web SSO specifically discusses them (SAML Profiles, section 4.1.5), but the ECP profile does not mention it aside from a single sentence in  It is also unclear whether both HTTP GET and POST requests need to be supported for an unsolicited response if it is in fact supported (most ECP requests must be done using POST since a SOAP message is being sent, but an unsolicited response could be handled with a GET – the question is whether a POST also needs to be supported).
  2. SAML profiles, section (ECP issues <AuthnRequest> to Identity Provider) states “…identity provider MAY respond to the ECP’s HTTP request with an HTTP response containing, for example, an HTML login form…”.  It further states “A sequence of HTTP exchanges MAY take place, but ultimately the identity provider MUST complete the SAML SOAP exchange and return a SAML response via the SOAP binding.”  Can it be assumed that the ECP MUST retain a copy of the HTTP request (SOAP message containing the <AuthnRequest>) to be resent to the identity provider in the event that an HTTP response requesting authentication has been received by the ECP?  There is not much definition regarding the requirements and behavior of an enhanced client in this area, and if the identity provider needs to redirect the ECP to an authentication URL the posted SOAP message cannot be included in the redirect.


