Persistent Assertion/Subject/NameID from LDAP Attribute
Cantor, Scott
cantor.2 at osu.edu
Fri Aug 10 12:23:16 EDT 2012
On 8/10/12 12:19 PM, "Henry B. Hotz" <hotz at jpl.nasa.gov> wrote:
>
>I'm thinking the SP should be able to say what it supports and not get
>sent something that it doesn't. I'm *not* saying the rp preference
>shouldn't be there. I agree that an IDP shouldn't be coerced into doing
>something counter to policy by an external input.
SPs that care generally want one format and should request that format in
the message. Otherwise they generally don't care.
>If the intersection of the two NameIDFormat specs is null, the request
>should probably fail. Consider that a feature request, not a bug report.
> ;-)
As far as I know that's how it works.
-- Scott