Transport confidentiality required, but not available

Tom Scavo trscavo at
Fri Sep 2 13:11:21 BST 2011

On Thu, Sep 1, 2011 at 4:28 AM, Rod Widdowson <rdw at> wrote:
> You therefore need to fix your metadata, fix the IdP or as a final mechanism teach the SP that security doesn't matter.

Adding to Rod's suggestions, you should step back and ask if you
really want to do attribute query in the first place. It's more
typical to push encrypted attributes through the browser in SAML2
flows. That is certainly the path of least resistance, and unless you
have good reason to want to do attribute query, you should just avoid
it altogether.


More information about the users mailing list