OpenSAML user discussion

[Chad La Joie <>]

If you're starting a new topic please compose a new email instead of
hijacking an existing thread.

As to your question, this actually has nothing to do with SAML.  It's
browser behavior, yes it's common, and yes there is a common solution.
It results from various endpoints not being encrypted.  You can go out
to Google and find a lot of articles and write ups about this.

On 2/2/11 6:05 AM, Chris Card wrote:
> 
> Hi,
> 
> we are using an IDP which has a SingleSignOnService defined in its metadata 
> with Binding HTTP-Redirect and Location url using https.
> When a browser gets redirected to this url in order to send an 
> AuthnRequest, we get warnings from the browser e.g. from Firefox:
> 
> "Although this page is encrypted, the information you have entered is to be 
> sent over an unencrypted connection and could easily be read by a third 
> party.
> 
> Are you sure you want to continue sending this information?"
> 
> and
> 
> "You are about to leave an encrypted page. Information you send or receive 
> from now on could easily be read by a third party." 
> 
> when the SAMLResponse is posted back.
> 
> Is this a well-known issue that has a well-known solution? (apart from just 
> disabling the warnings!)
> 
> Chris
> 
>                                         

-- 
Chad La Joie
http://itumi.biz
trusted identities, delivered