SP 2.5 cookieProps

Cantor, Scott cantor.2 at osu.edu
Wed Aug 8 16:15:37 EDT 2012

On 8/8/12 4:02 PM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>Also for the Sessions element the rules are explicitly spelled out to
>work as descibed by the OP:
>  "If present in the override, the default element's attribute content
>   is ignored."

That was me just adding it.

>Regarding one of these new warnings ("handlerSSL should be enabled for
>SSL/TLS-enabled web sites"): For SPs which need access to the
>assertion itself this might be slighly annoying when the GetAssertion
>handler might not be available via https and hence have set
>handlerSSL="false" even though the site is still https only.

Couldn't the handler still be available over SSL? It's not a given that it
won't be.

-- Scott

More information about the users mailing list