[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: Behavior when skipEndpointValidationWhenSigned is used but ProtocolBinding isn't set
From:       "Cantor, Scott via users" <users () shibboleth ! net>
Date:       2024-02-28 18:58:40
Message-ID: F4F164D0-3333-40C3-8A90-AC0DAEDA0B4A () osu ! edu
[Download RAW message or body]

> Since we're relying on the signed AuthnRequest instead of the
> AssertionConsumerService metadata element, would the missing
> ProtocolBinding explain the failure we're seeing?

Yes.

It's also non-standard behavior, so worth bearing in mind that I don't think anything \
else supports it (I imagine some don't validate period, but I don't think it's common \
in SAML to only behave that way with a signature). I use it for a few internal SPs \
since there's more control but would never count on it in any federated scenario as \
an SP (if that matters).

-- Scott


-- 
For Consortium Member technical support, see \
https://shibboleth.atlassian.net/wiki/x/ZYEpPw To unsubscribe from this list send an \
email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]