Subject: SAML 2.0 Identity Provider Discover Profile
SAML 2.0 Identity Provider Discover Profile

Section 4.3 of [SAMLProf]

[lines 1063--1064] Delete the phrase "when authentication of the principal occurs" since the common domain writing service has no knowledge of this event. The service is simply carrying out the wishes of the IdP.

[line 1066] The phrases "no Path prefix" and "a Path prefix of "/"" refer to the most specific and most general paths, respectively. Is this intentional, and if so, why?

[lines 1066--1067] The phrase "[common-domain]" is not well defined. Suppose the common domain is CommonDomain.com. Then the Domain attribute of the cookie should be set to ".CommonDomain.com". RFC 2109 states that the Domain attribute "must always start with a dot." RFC 2965 (which obsoletes RFC 2109) states that if the Domain attribute "does not start with a dot, the user agent supplies a leading dot." It is safest, however, to explicitly include the dot.

[line 1098] The common domain server does not "set the cookie" on behalf of the service provider. Instead, it READS the cookie and (presumably) returns the value in a query string parameter.
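
The two roles discussed in the message above, sketched as an added example that is not part of the original message or of any SAML implementation: a writing service that emits the cookie with an explicit leading dot on Domain, and a reading service that reads the cookie and hands its value back in a query string parameter. Assumptions: the cookie name `_saml_idp` and the value encoding (space-separated base64 URIs, then URL-encoded) follow the published SAML 2.0 profile rather than this message; the query parameter name, the `Secure` attribute, the function names and the example.org URLs are constructed for illustration.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import quote, unquote, urlencode

COOKIE_NAME = "_saml_idp"  # assumption: name from the published profile


def cookie_domain(common_domain):
    """Return the Domain attribute with exactly one explicit leading dot."""
    host = common_domain.strip().lstrip(".")
    if not host:
        raise ValueError("common domain must not be empty")
    return "." + host


def build_set_cookie(idp_ids, common_domain):
    """Writing service: build the Set-Cookie header value for the IdP list."""
    # Assumed encoding: base64 each IdP URI, join with spaces, URL-encode.
    raw = " ".join(base64.b64encode(i.encode()).decode() for i in idp_ids)
    return "; ".join([
        f"{COOKIE_NAME}={quote(raw, safe='')}",
        f"Domain={cookie_domain(common_domain)}",  # never rely on the UA to add the dot
        "Path=/",   # most general path, so every common-domain URL sees the cookie
        "Secure",   # assumption: not discussed in the message
    ])


def read_cookie(cookie_header):
    """Reading service: extract the raw cookie value from a Cookie header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else ""


def redirect_url(cookie_header, sp_return_url):
    """Reading service: return the value to the SP in a query parameter.

    The parameter name is hypothetical; the message only says "a query
    string parameter".
    """
    sep = "&" if "?" in sp_return_url else "?"
    return sp_return_url + sep + urlencode({COOKIE_NAME: read_cookie(cookie_header)})


def decode_idps(value):
    """Service provider: recover the IdP identifiers from the cookie value."""
    return [base64.b64decode(v).decode() for v in unquote(value).split()]
```
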