SAML2 Request - "Destination" XML attribute.
putmanb at georgetown.edu
Fri Aug 10 15:33:39 EDT 2012
On 8/10/12 10:35 AM, Cantor, Scott wrote:
> And for the record, no, there's no way to get the SP to not send the
> attribute, seeing as it's required by the standard. They would be
> non-compliant if they accepted a message without it, or didn't match on it.
I believe technically it's optional to be present, per the schema and
core spec. If it *is* present then it's mandatory for the recipient to
process (per core). Per the bindings spec, for the HTTP Post and HTTP
Redirect bindings, it is mandatory to be present if the message is
signed. At least that has always been my read of it and is how it's
implemented in OpenSAML and the IdP currently.
More information about the users