shibboleth-dev - Re: metada.xml idp 1.3 SP 1.3 security question

Subject: Shibboleth Developers

  • From: Nate Klingenstein
  • Subject: Re: metada.xml idp 1.3 SP 1.3 security question
  • Date: Wed, 9 Apr 2008 16:09:55 +0000

David,

Shibboleth 2.0 gives you much more control over this, since it includes separate configuration for default providers (authenticated successfully, but without specific configuration), and anonymous providers (unauthenticated). You can choose to never even respond to unauthenticated providers.

For an IdP that's version 1.3.1+, I believe -- I can't remember exactly which version added this -- you can set allowAnonymousProviders="false" on the main <IdPConfig> element, and it will never send any response at all.

Thanks,
Nate.

On 9 Apr 2008, at 15:09, wrote:

I installed one IDP V 1.3 and two SP V1.3.
Actually, all SPs created can connect to my IDP, even if in my metadata.xml there isn't any information about the SP.
In my IDP's log I'm able to read "issued to anonymous provider at (ipadress)".
How can I prevent my IDP from unauthorized SP access?

Thanks for your help.
David.
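
The check discussed in this thread, as an added example that is not part of the original messages or of Shibboleth's own code: a Python audit that reads the allowAnonymousProviders attribute on <IdPConfig> and counts "issued to anonymous provider" log entries per remote address. The sample config (including its namespace), the log line layout and the function names are constructed for illustration; only the element name, the attribute name and the quoted log phrase come from the thread.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Phrase quoted in the thread; the parentheses and the rest of the line are assumed.
ANON_RE = re.compile(r"issued to anonymous provider at \(?([^\s()]+)\)?")

# Constructed sample input: placeholder namespace, documentation-range addresses.
SAMPLE_CONFIG = '<IdPConfig xmlns="urn:example:idp-config"></IdPConfig>'
SAMPLE_LOG = [
    "2008-04-09 15:01:12 INFO assertion issued to anonymous provider at (192.0.2.10)",
    "2008-04-09 15:02:40 INFO assertion issued to provider (https://sp.example.org/shibboleth)",
    "2008-04-09 15:03:05 INFO assertion issued to anonymous provider at (198.51.100.7)",
    "2008-04-09 15:04:59 INFO assertion issued to anonymous provider at (192.0.2.10)",
]

def anonymous_issuances(log_lines):
    """Count assertions issued to unauthenticated providers, per remote address."""
    hits = Counter()
    for line in log_lines:
        match = ANON_RE.search(line)
        if match:
            hits[match.group(1)] += 1
    return hits

def anonymous_providers_setting(idp_config_xml):
    """Return the allowAnonymousProviders value on <IdPConfig>, or None if unset."""
    root = ET.fromstring(idp_config_xml)
    for element in root.iter():
        # Compare local names so the check works whatever namespace the file declares.
        if element.tag.rsplit("}", 1)[-1] == "IdPConfig":
            return element.get("allowAnonymousProviders")
    raise ValueError("no <IdPConfig> element found")

def audit(idp_config_xml, log_lines):
    """Combine the config check with evidence from the log."""
    value = anonymous_providers_setting(idp_config_xml)
    return {
        # True only when the attribute is present and set to "false".
        "explicitly_disabled": value is not None and value.strip().lower() == "false",
        "configured_value": value,
        "anonymous_hits": dict(anonymous_issuances(log_lines)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_LOG))
```

Each address in anonymous_hits is a provider that received an assertion without appearing in metadata, which is worth reviewing before and after the setting is changed.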