Shibboleth Developers

["Scott Cantor" <>]

Peter Williams wrote on 2009-02-26:
> If I state a (signed) requirement of passwordprotectedtransport and force-
> authn=true, I expect the SSL endpoint in the IDP to perform a full SSL
> handshake.

I'm not aware of any way to guarantee that, and it certainly isn't what the
combination of those settings means to anybody else. If you find a single
person who agrees with you, I'll be amazed.

As a practical matter, I do not believe there's anything made available to
an application that tells it whether the web server performed a handshake. I
don't even think turning off SSL session caching implies that, though I
could be wrong.

-- Scott