Subject: RE: [saml-dev] supporting the AuthnRequest protocol
It is a requirement of the conformance spec that both IDP operational modes MUST support the AuthnRequest message. So if you want a conforming implementation, you have to support the message over the indicated bindings, which means you need the endpoint. Thus IMO, it isn't a bug in the metadata spec.

One could try to make a case that it wasn't necessary to mandate SP-initiated SSO for IDP's in conformance. However, we opted to include it because the specification of SP-initiated SSO was a MAJOR use case that was added as part of SAML 2.0. I, at least, would not have supported defining yet another IDP mode that only supported IDP-initiated SSO.

Rob Philpott | Senior Technologist | RSA, the Security Division of EMC
eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893

> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu]
> Sent: Sunday, March 17, 2013 3:24 PM
> To: Tom Scavo; SAML Developers
> Subject: Re: [saml-dev] supporting the AuthnRequest protocol
>
> On 3/17/13 3:15 PM, "Tom Scavo" <trscavo@gmail.com> wrote:
> >
> >In metadata, however, the schema requires at least one
> >SingleSignOnService endpoint in every IDPSSODescriptor. That's
> >unfortunate since it forces every IdP (that relies on metadata) to
> >support SP-initiated SSO. An IdP that wishes to support IdP-initiated
> >SSO only is out of luck, at least in terms of metadata.
>
> Unless you just define a binding to represent what IdP-initiated SSO
> really is, which is just a non-standard binding for a different sort of
> request.
>
> >I would call that a bug (in the metadata schema). What do others think?
>
> I think it's irrelevant, since it can't be fixed, but is fortunately an
> easily worked around problem.
>
> -- Scott
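
Added example, not part of the original thread or of any SAML implementation: a metadata check that reports, for each IDPSSODescriptor, whether it has the SingleSignOnService endpoint the schema requires and whether any endpoint uses a standard SAML 2.0 binding. The sample metadata, the example.org entities and the urn:example binding URI standing in for the workaround discussed above are constructed assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
STD = "urn:oasis:names:tc:SAML:2.0:bindings:"  # prefix of the SAML 2.0 binding URIs
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
WORKAROUND = "urn:example:bindings:idp-initiated"  # hypothetical, constructed URI

def idp(entity_id, *bindings):
    """Build one constructed EntityDescriptor with the given SSO bindings."""
    endpoints = "".join(
        f'<md:SingleSignOnService Binding="{b}" Location="{entity_id}/sso"/>'
        for b in bindings)
    return (f'<md:EntityDescriptor entityID="{entity_id}">'
            f'<md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}">'
            f'{endpoints}</md:IDPSSODescriptor></md:EntityDescriptor>')

# Constructed sample aggregate; none of these entities is real.
SAMPLE = (f'<md:EntitiesDescriptor xmlns:md="{MD}">'
          + idp("https://idp-a.example.org", STD + "HTTP-Redirect", STD + "HTTP-POST")
          + idp("https://idp-b.example.org", WORKAROUND)
          + idp("https://idp-c.example.org")
          + '</md:EntitiesDescriptor>')

def classify_idps(xml_text):
    """Map entityID -> verdict for every entity carrying an IDPSSODescriptor."""
    # Real metadata is untrusted input: verify its signature and use a
    # hardened XML parser before relying on anything read from it.
    root = ET.fromstring(xml_text)
    verdicts = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for role in entity.findall(f"{{{MD}}}IDPSSODescriptor"):
            bindings = [e.get("Binding", "")
                        for e in role.findall(f"{{{MD}}}SingleSignOnService")]
            if not bindings:
                verdict = "schema-invalid: no SingleSignOnService"
            elif any(b.startswith(STD) for b in bindings):
                verdict = "advertises AuthnRequest endpoint"
            else:
                verdict = "non-standard binding only"
            verdicts[entity.get("entityID")] = verdict
    return verdicts

if __name__ == "__main__":
    for entity_id, verdict in classify_idps(SAMPLE).items():
        print(f"{entity_id}: {verdict}")
```

A relying party can run a check like this over a federation aggregate to see which IdPs would accept an SP-initiated request before it sends one.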