Shib IdP 2.3.5 + ECP

Cantor, Scott cantor.2 at
Wed Nov 23 14:55:49 GMT 2011

On 11/23/11 8:02 AM, "Chad La Joie" <lajoie at> wrote:

>Not necessarily.  ECP does allow the display of a UI, in fact an ECP
>client can be just a browser with a plugin.  So, what probably needs to
>happen is that, for non-browser ECP clients, the isPassive flag will
>need to be set in the authn request.

The SP doesn't know what the client is, so it can't add that to the
request. While it's technically possible to have a UI, it's frowned on. At
minimum, there should be separate endpoints for such cases. Recall that
ECP clients don't necessarily use metadata to locate the right endpoint to
use. But since I'm messing with the profile anyway, it's probably worth
defining an extension to identify endpoints that require rich UI.

-- Scott
