Shib IdP 2.3.5 + ECP
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 23 15:37:16 GMT 2011
On 11/23/11 10:30 AM, "Chad La Joie" <lajoie at shibboleth.net> wrote:
>Well, I guess this is one area where we're going to disagree. I think
>if you (the SP or the client) can't handle a UI then the request coming
>in to the IdP better be marked with isPassive. That's what that option
>is there for in the protocol.
But it isn't there for that (and the SP can't know that). The flag is for
SPs that want to probe for an existing session without doing an actual
login yet. It isn't anything to do with client capability.
The client/IDP interaction in ECP is entirely out of scope, which is why
it's not interoperable if you add a UI. This is one of the
not-interoperable areas. If you add a UI to the IdP, you have to account
for it somehow either in the client or in how you expose the UI.
-- Scott
More information about the users
mailing list