HTTP POST Binding in session initiation
cantor.2 at osu.edu
Wed Sep 21 04:10:16 BST 2011
On 9/20/11 10:44 PM, "Liam Hoekenga" <liamr at umich.edu> wrote:
>It seems like we should thus remove HTTP-POST-SimpleSign and HTTP-POST
>SingleSignOnService bindings from our IdP metadata?
Certainly if they don't work, but the IdP captures that state and tracks
it internally, and I'm not sure why your SSO would be in front of the
POST. The URLs to protect are limited to the login handlers in general.
More information about the users