Make IdP omit inResponseTo
Nanda Kumar
NKK at FISCHERINTERNATIONAL.COM
Tue Jan 24 19:34:23 GMT 2012
SIDP-461 states
"Finally, the whole point of this exercise is to signal that the IdP should omit InResponseTo. We can't do this by the absence of a messageID, because the replay support we added to 2.2.1 mocks up a messageID for legacy protocol requests. Chad suggested using a profile handler option, but I would rather that deployers didn't have to turn this off for all responses from the profile handler, mainly because the SP at some point might start enforcing the InResponseTo check."
The intention of this fix as I understand is to selectively send inResponseTo. How can the Idp be made to omit InResponseTo?
Nanda
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
Sent: Tuesday, January 24, 2012 2:25 PM
To: Shib Users
Subject: Re: Make IdP omit inResponseTo
If the incoming request contains a request ID the IdP is required to send it back. There is no way to disable that.
On Tue, Jan 24, 2012 at 14:17, Nanda Kumar <NKK at fischerinternational.com> wrote:
> Hello,
>
> In an Idp Initiated sso scenario, how can I make the IdP to omit
> inResponseTo?
>
> I have seen SIDP-461, but couldn't figure out how to make the IdP set
> the unsolicited flag.
>
> Is that controlled by setting an attribute to the samlp:AuthnRequest
> xml element?
>
>
>
> Thanks
>
> Nanda
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list