SAML2 Request - "Destination" XML attribute.

Brent Putman putmanb at
Fri Aug 10 15:33:39 EDT 2012

On 8/10/12 10:35 AM, Cantor, Scott wrote:
> And for the record, no, there's no way to get the SP to not send the
> attribute, seeing as it's required by the standard. They would be
> non-compliant if they accepted a message without it, or didn't match on it.

I believe technically it's optional to be present, per the schema and
core spec. If it *is* present then it's mandatory for the recipient to
process (per core).  Per the bindings spec, for the HTTP Post and HTTP
Redirect bindings, it is mandatory to be present if the message is
signed.  At least that has always been my read of it and is how it's
implemented in OpenSAML and the IdP currently.

More information about the users mailing list