Skip to Content.
Sympa Menu

shibboleth-dev - RE: [Shib-Dev] ecp binding in metadata?

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] ecp binding in metadata?


Chronological Thread 
  • From: Jim Fox <>
  • To: "" <>
  • Subject: RE: [Shib-Dev] ecp binding in metadata?
  • Date: Tue, 23 Mar 2010 14:46:13 -0700 (PDT)


The question comes up whether or not the binding in the relayed
AuthnRequest HAS to be PAOS, or can it be any binding in the
SP's metadata. The actual binding at the IdP is always SOAP.
The binding mentioned in the AuthnRequest would seem to be somewhat
of a private matter between the ECP client and the SP, as they are
the one's actually using it.

Jim



On Tue, 23 Mar 2010, Scott Cantor wrote:

Date: Tue, 23 Mar 2010 13:15:41 -0700
From: Scott Cantor
<>
To:
""

<>
Reply-To:
""

<>
Subject: RE: [Shib-Dev] ecp binding in metadata?

Am I correct that in metadata an SP's ECP endpoint should have a binding
of "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", even though requests at
the IdP will show up using "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"?

Yes. The errata modified profiles document explicitly indicates what to use.

Note also that the IdP binding for this use of ECP is distinct from the
delegation work we did because that relies on the Liberty SOAP binding
rather than the SAML SOAP binding.

-- Scott






Archive powered by MHonArc 2.6.16.

Top of Page