HTTP POST Binding in session initiation
Liam Hoekenga
liamr at umich.edu
Wed Sep 21 15:30:13 BST 2011
> On 9/20/11 10:44 PM, "Liam Hoekenga" <liamr at umich.edu> wrote:
>>
>> It seems like we should thus remove HTTP-POST-SimpleSign and HTTP-POST
>> SingleSignOnService bindings from our IdP metadata?
>
> Certainly if they don't work, but the IdP captures that state and tracks
> it internally, and I'm not sure why your SSO would be in front of the
> POST. The URLs to protect are limited to the login handlers in general.
Ok.. I think I understand.
Do all of the login handlers lie behind /idp/AuthnEngine/ or /idp/Authn/ ?
Liam
More information about the users
mailing list