Subject: AssertionConsumerServiceURL on ManageNameIDRequest
Hello SAML devs,
We are using the Name Identifier Management Protocol along with Browser POST Profile to allow users to delete their persistent id ‘record’ on the IdP.
We noticed that the ManageNameIDRequest does not seem to have any “callback URL” attribute, like the AssertionConsumerServiceURL attribute that exists on an AuthnRequest. How should the IdP know where to send the response in this case? Has anyone considered this before?
We may just have the IdP maintain configuration as to the correct URL to send the ManageNameIDResponse to; or we could pass the URL in a separate HTTP parameter. At this point we are leaning away from using saml Extensions just because of technical challenges (library support of Extensions / xs:any).
michael lucas | Senior Software Developer | Great-West Life | firstname.lastname@example.org
"Say not in grief that she is no more, but say in thankfulness that she was. A death is not the extinguishing of a light, but the putting out of the lamp because the dawn has come." - Rabindranath Tagore
The contents of this communication, including any attachment(s), are confidential and may be privileged. If you are not the intended recipient (or are not receiving this communication on behalf of the intended recipient), please notify the sender immediately and delete or destroy this communication without reading it, and without making, forwarding, or retaining any copy or record of it or its contents. Thank you. Note: We have taken precautions against viruses, but take no responsibility for loss or damage caused by any virus present.