shibboleth-dev - Re: [Shib-Dev] IDP metadata with no ACS url
Subject: Shibboleth Developers
List archive
- From: "Cantor, Scott E." <>
- To: "" <>
- Subject: Re: [Shib-Dev] IDP metadata with no ACS url
- Date: Fri, 3 Jun 2011 18:11:35 +0000
- Accept-language: en-US
On 6/3/11 12:18 PM, "Bobby Lawrence"
<>
wrote:
>I'm wondering if it would be a good idea to change this behavior so that
>if the SP is not anonymous and no endpoint can be found, that the IDP
>uses the endpoint defined in the AuthnRequest.
As Brent said, if you require signed requests, then you can do it. If not,
you can cause a serious security vulnerability.
-- Scott
- [Shib-Dev] IDP metadata with no ACS url, Bobby Lawrence, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Brent Putman, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Brent Putman, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Bobby Lawrence, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Bobby Lawrence, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Brent Putman, 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Cantor, Scott E., 06/03/2011
- Re: [Shib-Dev] IDP metadata with no ACS url, Brent Putman, 06/03/2011
Archive powered by MHonArc 2.6.16.