Shib IdP 2.3.5 + ECP
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 23 14:55:49 GMT 2011
On 11/23/11 8:02 AM, "Chad La Joie" <lajoie at shibboleth.net> wrote:
>Not necessarily. ECP does allow the display of a UI, in fact an ECP
>client can be just a browser with a plugin. So, what probably needs to
>happen is that, for non-browser ECP clients, the isPassive flag will
>need to be set in the authn request.
The SP doesn't know what the client is, so it can't add that to the
request. While it's technically possible to have a UI, it's frowned on. At
minimum, there should be separate endpoints for such cases. Recall that
ECP clients don't necessarily use metadata to locate the right endpoint to
use. But since I'm messing with the profile anyway, it's probably worth
defining an extension to identify endpoints that require rich UI.
-- Scott
More information about the users
mailing list