SP/IdP Firewall

Mon Nov 21 22:56:10 GMT 2011

On 11/21/11 5:35 PM, "Joshua Brodie" <josbrodie at gmail.com> wrote:
>
>It will be SAML2, without back-channel transaction; if this is the
>case, am I correct in making the assumption that all transactions are
>made via the browser, and opening the firewall is not required?

In that case, yes. The metadata for the IdP shouldn't include any
endpoints for attribute query, artifacts, etc. in such a case.

-- Scott