[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SLO Profile Question
On 10/12/11 1:01 PM, "Cantor, Scott" <cantor.2@osu.edu> wrote: >> >>Then you could modify that last one to treat the originating SP the same >>as all. So the IdP would send the LogoutResponse directly to the SP and >>leave the principal at the IdP logout screen: > >No, you can't. There's no way to send the LogoutResponse in a SOAP request >(because nothing could come back to complete the binding). You have to use >front channel. You can use tricks and frames. Right. What I was not clear about in my examples was that I was having the IdP perform the front channel bindings. So it would use the listed/supported Redirect/POST binding for the particular Session Participant. That includes the final response to the originating SP. I pretty much feel frames are just a cruel joke played on web designers. You can't friggin' depend on them at all. I still fight service providers everyday that want to frame my IdP's and wonder why the hell it doesn't work. Paul
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]