Skip to Content.
Sympa Menu

mace-opensaml-users - [OpenSAML] Browser warnings when redirecting to SingleSignOnService url

Subject: OpenSAML user discussion

List archive

[OpenSAML] Browser warnings when redirecting to SingleSignOnService url


Chronological Thread 
  • From: Chris Card <>
  • To: <>
  • Subject: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url
  • Date: Wed, 2 Feb 2011 11:05:49 +0000
  • Importance: Normal

Hi,

we are using an IDP which has a SingleSignOnService defined in its metadata with Binding HTTP-Redirect and Location url using https.
When a browser gets redirected to this url in order to send an AuthnRequest, we get warnings from the browser e.g. from Firefox:

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?"

and

"You are about to leave an encrypted page. Information you send or receive from now on could easily be read by a third party."

when the SAMLResponse is posted back.

Is this a well-known issue that has a well-known solution? (apart from just disabling the warnings!)

Chris




Archive powered by MHonArc 2.6.16.

Top of Page