OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: multiple SingleLogoutService elements with identical Binding

Scott et al.,

Assuming SLO worked, for a moment ;)

There's a SAML SP using multiple ACS endpoints (same Binding,
different Location and index values) to seperate multiple different
"applications" within a single EntityDescriptor/entityID.
That part (Web Browser SSO) works fine.

(Actually each "application" is the same resource but configured for a
different customer. As such we'll assume each subject only ever has
access to one such "application", which obviates the need for multiple
SLO reponses for > 1 accessed "applications" at that same SP, which
wouldn't work with a single entityID anyway.)

Now the SP asked about adding corresponding SingleLogoutService
elements to its metadata, one for each "application" (analog to the
ACS Locations).
From what I gathered (with help from Ian) the IdP would never be able
to pick the "right" SingleLogoutService Location (given more than one
SingleLogoutService element with the same Binding and the "unindexed"
endpoint type) and would probably just pick the first one in SAML
metadata with a supported Binding (assuming the IdP consumed SAML
metadata for runtime behaviour).

As such adding any additional SingleLogoutService elements would be
superfluous and would never achieve anything, right?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]