mace-opensaml-users - Re: Sending session ID
Subject: OpenSAML user discussion
List archive
- From: Frank Cornelis <>
- To:
- Subject: Re: Sending session ID
- Date: Wed, 20 Feb 2008 11:31:06 +0100
Hi,
It's probably not a good idea to expose the session ID via a (signed)
SAML authentication request message. Better is to store the SAML
authentication request Id in the session context (of your servlet
container) and later on check the InResponseTo value of the incoming
SAML authentication response against the Id previously stored in the
session context.
Regards,
Frank.
On Wed, 2008-02-20 at 05:22 -0500,
wrote:
> Hi,
> I need to send session ID and username with the SAML authetication request.
> Can u pls tell me the XML format of SAML message that includes session ID
> and username?
- Sending session ID, mahadev murali, 02/20/2008
- <Possible follow-up(s)>
- Sending session ID, muraliever4u, 02/20/2008
- Re: Sending session ID, Frank Cornelis, 02/20/2008
- Re: Sending session ID, mahadev murali, 02/20/2008
- Re: Sending session ID, Chad La Joie, 02/20/2008
- Re: Sending session ID, mahadev murali, 02/20/2008
- Re: Sending session ID, Frank Cornelis, 02/20/2008
Archive powered by MHonArc 2.6.16.