HTTP POST Binding in session initiation

Liam Hoekenga liamr at
Wed Sep 21 15:30:13 BST 2011

> On 9/20/11 10:44 PM, "Liam Hoekenga" <liamr at> wrote:
>> It seems like we should thus remove HTTP-POST-SimpleSign and HTTP-POST
>> SingleSignOnService bindings from our IdP metadata?
> Certainly if they don't work, but the IdP captures that state and tracks
> it internally, and I'm not sure why your SSO would be in front of the
> POST. The URLs to protect are limited to the login handlers in general.

Ok.. I think I understand.

Do all of the login handlers lie behind /idp/AuthnEngine/ or /idp/Authn/ ?


More information about the users mailing list