Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url
  • Date: Wed, 02 Feb 2011 06:27:13 -0500
  • Organization: Itumi, LLC

If you're starting a new topic please compose a new email instead of
hijacking an existing thread.

As to your question, this actually has nothing to do with SAML. It's
browser behavior, yes it's common, and yes there is a common solution.
It results from various endpoints not being encrypted. You can go out
to Google and find a lot of articles and write ups about this.

On 2/2/11 6:05 AM, Chris Card wrote:
>
> Hi,
>
> we are using an IDP which has a SingleSignOnService defined in its metadata
> with Binding HTTP-Redirect and Location url using https.
> When a browser gets redirected to this url in order to send an
> AuthnRequest, we get warnings from the browser e.g. from Firefox:
>
> "Although this page is encrypted, the information you have entered is to be
> sent over an unencrypted connection and could easily be read by a third
> party.
>
> Are you sure you want to continue sending this information?"
>
> and
>
> "You are about to leave an encrypted page. Information you send or receive
> from now on could easily be read by a third party."
>
> when the SAMLResponse is posted back.
>
> Is this a well-known issue that has a well-known solution? (apart from just
> disabling the warnings!)
>
> Chris
>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered



Archive powered by MHonArc 2.6.16.

Top of Page