shibboleth-dev - RE: [Shib-Dev] idp-initiated SSO
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] idp-initiated SSO
- Date: Tue, 7 Oct 2008 12:31:21 -0400
- Organization: The Ohio State University
> This technique works fine Shibboleth to Shibboleth, but in my
> interoperability testing with some commercial products, it is inconsistent
> as to whether it works. The IDP populates the InResponseTo attribute, and
> according to the SAML standards it "MUST NOT contain an InResponseTo" for
> Unsolicited Responses. I know that when I did some testing with CA
> Siteminder, it failed with an error about unrecognized Response ID.
>
> Is there a way in the spoofing to tell the IDP to leave out that
attribute?
That's what the extension Nate mentioned was for (among other reasons). If
you follow the spec, both the IdP and the CA SP are doing the right thing,
so they're not buggy.
If you wanted basic support for the third party request profile, maybe just
with unsigned requests to solve this basic problem, you could file that in
jira.
-- Scott
- idp-initiated SSO, yangling_1985, 10/06/2008
- Re: [Shib-Dev] idp-initiated SSO, Chad La Joie, 10/06/2008
- Re: [Shib-Dev] idp-initiated SSO, Nate Klingenstein, 10/06/2008
- RE: [Shib-Dev] idp-initiated SSO, Jeff.Krug, 10/07/2008
- Re: [Shib-Dev] idp-initiated SSO, Chad La Joie, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Peter Williams, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Peter Williams, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Jeff.Krug, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- Message not available
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Peter Williams, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Peter Williams, 10/17/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/17/2008
- RE: [Shib-Dev] idp-initiated SSO, Peter Williams, 10/17/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/17/2008
- RE: [Shib-Dev] idp-initiated SSO, Scott Cantor, 10/17/2008
- RE: [Shib-Dev] idp-initiated SSO, Jeff.Krug, 10/07/2008
- Re: [Shib-Dev] idp-initiated SSO, Chad La Joie, 10/07/2008
- RE: [Shib-Dev] idp-initiated SSO, Jeff.Krug, 10/07/2008
Archive powered by MHonArc 2.6.16.