Force SAML 1 with Login handler?
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 23 22:23:46 BST 2011
On 9/23/11 5:12 PM, "Tom Poage" <tfpoage at ucdavis.edu> wrote:
>Is there a way from the client/IdP side to force using SAML 1 when
>visiting the /Login handler?
Not without messing with your metadata, but now that you mention it, that
isn't a crazy feature to request (hint). I'm not sure why that never
occurred to me. I think I convinced myself it's some kind of security
risk, but that logic doesn't really hold.
>(If not, since we maintain a launch URL for the SP, perhaps we can fall
>back to the SAML 1 /Shibboleth/SSO profile handler)
In that scenario, you certainly can control it, yes.
-- Scott
More information about the users
mailing list