Shib IdP 2.3.5 + ECP
Chad La Joie
lajoie at shibboleth.net
Wed Nov 23 15:30:48 GMT 2011
Well, I guess this is one area where we're going to disagree. I think
if you (the SP or the client) can't handle a UI then the request coming
in to the IdP better be marked with isPassive. That's what that option
is there for in the protocol.
On 11/23/11 10:26 AM, Cantor, Scott wrote:
> On 11/23/11 10:16 AM, "Chad La Joie" <lajoie at shibboleth.net> wrote:
>>
>> As far as I can tell, the problem is that a request is coming in, it's
>> not marked as isPassive but the client isn't able to handle a UI. If
>> that's the case the IdP is never going to be able to handle that.
>
> Just have a separate endpoint if you build an ECP handler that has a UI,
> and make sure the one that doesn't can signal or opt out of uApprove.
>
> If for now that means (the deployer) mucking with the handler paths and
> web.xml, so be it. That's much better than baking in a setting at every SP
> that might not be needed later and might actually cause unwanted outcomes.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list