Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Sending session ID

Subject: OpenSAML user discussion

List archive

Re: Sending session ID


Chronological Thread 
  • From: Frank Cornelis <>
  • To:
  • Subject: Re: Sending session ID
  • Date: Wed, 20 Feb 2008 11:31:06 +0100

Hi,


It's probably not a good idea to expose the session ID via a (signed)
SAML authentication request message. Better is to store the SAML
authentication request Id in the session context (of your servlet
container) and later on check the InResponseTo value of the incoming
SAML authentication response against the Id previously stored in the
session context.


Regards,
Frank.

On Wed, 2008-02-20 at 05:22 -0500,

wrote:
> Hi,
> I need to send session ID and username with the SAML authetication request.
> Can u pls tell me the XML format of SAML message that includes session ID
> and username?




Archive powered by MHonArc 2.6.16.

Top of Page