Subject: multiple SingleLogoutService elements with identical Binding
Scott et al.,

Assuming SLO worked, for a moment ;)

There's a SAML SP using multiple ACS endpoints (same Binding, different Location and index values) to separate multiple different "applications" within a single EntityDescriptor/entityID. That part (Web Browser SSO) works fine.

(Actually each "application" is the same resource but configured for a different customer. As such we'll assume each subject only ever has access to one such "application", which obviates the need for multiple SLO responses for > 1 accessed "applications" at that same SP, which wouldn't work with a single entityID anyway.)

Now the SP asked about adding corresponding SingleLogoutService elements to its metadata, one for each "application" (analogous to the ACS Locations).

From what I gathered (with help from Ian) the IdP would never be able to pick the "right" SingleLogoutService Location (given more than one SingleLogoutService element with the same Binding and the "unindexed" endpoint type) and would probably just pick the first one in SAML metadata with a supported Binding (assuming the IdP consumed SAML metadata for runtime behaviour).

As such adding any additional SingleLogoutService elements would be superfluous and would never achieve anything, right?

-peter