shibboleth-dev - Re: metada.xml idp 1.3 SP 1.3 security question
Subject: Shibboleth Developers
- From: Nate Klingenstein <>
- To:
- Subject: Re: metada.xml idp 1.3 SP 1.3 security question
- Date: Wed, 9 Apr 2008 16:09:55 +0000
David,
Shibboleth 2.0 gives you much more control over this, since it includes separate configuration for default providers (authenticated successfully, but without specific configuration), and anonymous providers (unauthenticated). You can choose to never even respond to unauthenticated providers.
For an IdP that's version 1.3.1+, I believe -- I can't remember exactly which version added this -- you can set allowAnonymousProviders="false" on the main <IdPConfig> element, and it will never send any response at all.
Thanks,
Nate.
On 9 Apr 2008, at 15:09, wrote:
I installed one IDP V 1.3 and two SP V1.3.
Actually, all SPs created can connect to my IDP, even if in my metadata.xml there isn't any information about the SP.
In my IDP's log I'm able to read "issued to anonymous provider at (ipadress)".
How can I prevent my IDP from unauthorized SP access?
Thanks for your help.
David.
- metada.xml idp 1.3 SP 1.3 security question, davidfdm2002, 04/09/2008
- Re: metada.xml idp 1.3 SP 1.3 security question, Nate Klingenstein, 04/09/2008