List:       shibboleth-users
Subject:    Re: Attribute namespaces
From:       "Cantor, Scott" <cantor.2 () osu ! edu>
Date:       2021-02-17 13:52:23
Message-ID: E9521CE8-27A7-4DF3-B7CE-D52893187195 () osu ! edu

On 2/17/21, 8:32 AM, "users on behalf of Phillip Grandsard" <users-bounces@shibboleth.net on behalf of pgrandsard@pagepath.com> wrote:

> They are claiming this is the standard way the metadata is being sent from Oracle.

What they're saying is that they don't know or care how their IdP works or have any
interest in doing SAML correctly so shut up and take it. Since that's the case with
virtually every vendor I work with, they're in good company. It's to your credit you
care enough to ask.

Ultimately, you have to make a decision that's much tougher than mine as an IdP
operator because you're (presumably) operating a commercial service and serving
customers. I'm the customer in these scenarios, which gives me leverage when I choose
to use it.

Whether you choose to do more work and take sufficient care to tolerate it is really
something only you can decide, but as Peter said, you will never stop. Most of your
random customers will pull this, so you will end up with 10-20 different ways of
processing "email address".

Nobody would look at that with LDAP and think that made sense, but unfortunately I
think that's less that SAML is somehow a different animal and more that modern IT has
completely abdicated its sanity at all levels.

-- Scott

