HTTP POST Binding in session initiation

Cantor, Scott cantor.2 at
Wed Sep 21 04:10:16 BST 2011

On 9/20/11 10:44 PM, "Liam Hoekenga" <liamr at> wrote:
>It seems like we should thus remove HTTP-POST-SimpleSign and HTTP-POST
>SingleSignOnService bindings from our IdP metadata?

Certainly if they don't work, but the IdP captures that state and tracks
it internally, and I'm not sure why your SSO would be in front of the
POST. The URLs to protect are limited to the login handlers in general.

-- Scott

More information about the users mailing list