Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url


Chronological Thread 
  • From: Eshan Haider <>
  • To:
  • Subject: Re: [OpenSAML] Browser warnings when redirecting to SingleSignOnService url
  • Date: Wed, 2 Feb 2011 09:07:03 -0600
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=VZ6lMUEtsMh0blN72wjwAQp46qWXiycEMf+wO8DG/LIITvPzKAXRi23+DjlsfPwBj8 0dx/ol0T+9B1CZ8fhKV8/Ovzrnu7FN+sEnmqwbmzYDFwjpzEhzazROQ5MWOM1yQLFpIE z0QZjd2PewvabrYBMPgLG5fdSjVklyJ4r9+Uo=
Add the domain to the trusted domain in your browser. This issue won't occur again for all the website within the domain added to the trusted domain.
 
Agha

On Wed, Feb 2, 2011 at 8:15 AM, Chad La Joie <> wrote:
The SAML spec does not make any requirements one way of the other.
Whether it makes sense to do that for a particular deployment depends on
the environment of that deployment.  If the IdP is accepting
username/password is really should only be doing so over HTTPS.  If the
IdP has a one-time token that it's using then *maybe* one could argue
that didn't have to be over HTTPS.

On 2/2/11 6:48 AM, Chris Card wrote:
>> As to your question, this actually has nothing to do with SAML.  It's
>> browser behavior, yes it's common, and yes there is a common solution.
>> It results from various endpoints not being encrypted.  You can go out
>> to Google and find a lot of articles and write ups about this.
> Can an IDP be set up to accept SingleSignOnService redirects on both http and https urls? It's not clear to
> me from the SAML metadata spec.
>
> Chris
>
>

--
Chad La Joie
http://itumi.biz
trusted identities, delivered


Archive powered by MHonArc 2.6.16.

Top of Page