Shib IdP 2.3.5 + ECP
Chad La Joie
lajoie at shibboleth.net
Wed Nov 23 15:50:05 GMT 2011
Well, I can only go by what the spec says, not what you were thinking
when you wrote it.
That said, if you think there needs to be a profile configuration option
that allows the IdP to indicate that a request coming in should be
passive, you should probably file an RFE for it on IdPv3 otherwise I'm
not going to remember.
On 11/23/11 10:37 AM, Cantor, Scott wrote:
> On 11/23/11 10:30 AM, "Chad La Joie" <lajoie at shibboleth.net> wrote:
>
>> Well, I guess this is one area where we're going to disagree. I think
>> if you (the SP or the client) can't handle a UI then the request coming
>> in to the IdP better be marked with isPassive. That's what that option
>> is there for in the protocol.
>
> But it isn't there for that (and the SP can't know that). The flag is for
> SPs that want to probe for an existing session without doing an actual
> login yet. It isn't anything to do with client capability.
>
> The client/IDP interaction in ECP is entirely out of scope, which is why
> it's not interoperable if you add a UI. This is one of the
> not-interoperable areas. If you add a UI to the IdP, you have to account
> for it somehow either in the client or in how you expose the UI.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list