Shib IdP 2.3.5 + ECP
Chad La Joie
lajoie at shibboleth.net
Wed Nov 23 15:01:05 GMT 2011
Sure, I wasn't expecting the SP to magically know. I assumed there
would be one session initiator for "normal" requests and another for
passive requests that was used by the client. But that supposes the
SP/client have agreed to use lazy sessions, so that might be assuming
too much.
On 11/23/11 9:55 AM, Cantor, Scott wrote:
> On 11/23/11 8:02 AM, "Chad La Joie" <lajoie at shibboleth.net> wrote:
>
>> Not necessarily. ECP does allow the display of a UI, in fact an ECP
>> client can be just a browser with a plugin. So, what probably needs to
>> happen is that, for non-browser ECP clients, the isPassive flag will
>> need to be set in the authn request.
>
> The SP doesn't know what the client is, so it can't add that to the
> request. While it's technically possible to have a UI, it's frowned on. At
> minimum, there should be separate endpoints for such cases. Recall that
> ECP clients don't necessarily use metadata to locate the right endpoint to
> use. But since I'm messing with the profile anyway, it's probably worth
> defining an extension to identify endpoints that require rich UI.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list