Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url
  • Date: Wed, 02 Feb 2011 09:15:31 -0500
  • Organization: Itumi, LLC

The SAML spec does not make any requirements one way of the other.
Whether it makes sense to do that for a particular deployment depends on
the environment of that deployment. If the IdP is accepting
username/password is really should only be doing so over HTTPS. If the
IdP has a one-time token that it's using then *maybe* one could argue
that didn't have to be over HTTPS.

On 2/2/11 6:48 AM, Chris Card wrote:
>> As to your question, this actually has nothing to do with SAML. It's
>> browser behavior, yes it's common, and yes there is a common solution.
>> It results from various endpoints not being encrypted. You can go out
>> to Google and find a lot of articles and write ups about this.
> Can an IDP be set up to accept SingleSignOnService redirects on both http
> and https urls? It's not clear to
> me from the SAML metadata spec.
>
> Chris
>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered



Archive powered by MHonArc 2.6.16.

Top of Page