Persistent Assertion/Subject/NameID from LDAP Attribute

Henry B. Hotz hotz at jpl.nasa.gov
Wed Aug 15 14:43:53 EDT 2012


On Aug 10, 2012, at 9:23 AM, Cantor, Scott wrote:

> On 8/10/12 12:19 PM, "Henry B. Hotz" <hotz at jpl.nasa.gov> wrote:
>>
>> I'm thinking the SP should be able to say what it supports and not get
>> sent something that it doesn't. I'm *not* saying the rp preference
>> shouldn't be there.  I agree that an IDP shouldn't be coerced into doing
>> something counter to policy by an external input.
> 
> SPs that care generally want one format and should request that format in
> the message. Otherwise they generally don't care.

So it should be in the authentication request as opposed to the metadata?

>> If the intersection of the two NameIDFormat specs is null, the request
>> should probably fail.  Consider that a feature request, not a bug report.
>> ;-)
> 
> As far as I know that's how it works.


Complexities to test here that I probably won't have time to try for a long time.  |-P
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
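
The negotiation discussed in this thread, as an added example that is not part of the original message and is not Shibboleth's own code: it reads the Format on NameIDPolicy from an AuthnRequest, reads the NameIDFormat list from SP metadata, and fails with InvalidNameIDPolicy when the intersection with the IdP's list is empty. The precedence order, the helper names and the sample XML are assumptions made for illustration.

```python
# Added illustration; a model of the negotiation, not Shibboleth source code.
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted XML

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
INVALID_POLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"

def requested_format(authn_request_xml):
    """Format on <samlp:NameIDPolicy>; None when absent or 'unspecified'."""
    policy = ET.fromstring(authn_request_xml).find(f"{{{SAMLP}}}NameIDPolicy")
    fmt = policy.get("Format") if policy is not None else None
    return None if fmt in (None, UNSPECIFIED) else fmt

def metadata_formats(sp_metadata_xml):
    """All <md:NameIDFormat> values the SP advertises in its metadata."""
    root = ET.fromstring(sp_metadata_xml)
    return [e.text.strip() for e in root.iter(f"{{{MD}}}NameIDFormat") if e.text]

def select_format(idp_formats, authn_request_xml, sp_metadata_xml):
    """Return (format, None), or (None, status) when the intersection is empty.

    Assumed precedence: a Format in the request narrows the choice to that one
    value; otherwise the SP metadata list applies; the IdP's own ordered list
    (its policy) always has the final say.
    """
    wanted = requested_format(authn_request_xml)
    sp_accepts = [wanted] if wanted else metadata_formats(sp_metadata_xml)
    for fmt in idp_formats:
        if not sp_accepts or fmt in sp_accepts:
            return fmt, None
    return None, INVALID_POLICY

def authn_request(fmt=None):  # constructed sample message
    policy = f'<samlp:NameIDPolicy Format="{fmt}"/>' if fmt else ""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
            f'Version="2.0">{policy}</samlp:AuthnRequest>')

def sp_metadata(*formats):  # constructed sample metadata
    body = "".join(f"<md:NameIDFormat>{f}</md:NameIDFormat>" for f in formats)
    return (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org">'
            f"<md:SPSSODescriptor>{body}</md:SPSSODescriptor></md:EntityDescriptor>")

if __name__ == "__main__":
    idp = [TRANSIENT, PERSISTENT]  # constructed IdP policy, in preference order
    print(select_format(idp, authn_request(PERSISTENT), sp_metadata(TRANSIENT)))
    print(select_format(idp, authn_request(EMAIL), sp_metadata(PERSISTENT)))
```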


