Make IdP omit inResponseTo
Chad La Joie
lajoie at itumi.biz
Tue Jan 24 19:42:24 GMT 2012
SIDP-461 is discussing the use of the Shibboleth SSO protocol with
SAML 2 (previously it only worked for SAML 1). If you're dealing with
a <samlp:AuthnRequest> then you're not dealing with the Shibboleth SSO
protocol. So, if you're dealing with SAML messages then you need to
follow the SAML spec.
On Tue, Jan 24, 2012 at 14:34, Nanda Kumar <NKK at fischerinternational.com> wrote:
> SIDP-461 states
>
> "Finally, the whole point of this exercise is to signal that the IdP should omit InResponseTo. We can't do this by the absence of a messageID, because the replay support we added to 2.2.1 mocks up a messageID for legacy protocol requests. Chad suggested using a profile handler option, but I would rather that deployers didn't have to turn this off for all responses from the profile handler, mainly because the SP at some point might start enforcing the InResponseTo check."
>
> The intention of this fix, as I understand it, is to selectively send inResponseTo. How can the IdP be made to omit InResponseTo?
>
> Nanda
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Chad La Joie
> Sent: Tuesday, January 24, 2012 2:25 PM
> To: Shib Users
> Subject: Re: Make IdP omit inResponseTo
>
> If the incoming request contains a request ID the IdP is required to send it back. There is no way to disable that.
>
> On Tue, Jan 24, 2012 at 14:17, Nanda Kumar <NKK at fischerinternational.com> wrote:
>> Hello,
>>
>> In an IdP-initiated SSO scenario, how can I make the IdP omit
>> inResponseTo?
>>
>> I have seen SIDP-461, but couldn't figure out how to make the IdP set
>> the unsolicited flag.
>>
>> Is that controlled by setting an attribute to the samlp:AuthnRequest
>> xml element?
>>
>>
>>
>> Thanks
>>
>> Nanda
>>
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
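
The SP-side InResponseTo check that the quoted SIDP-461 text anticipates, as an added example that is not part of this thread or of Shibboleth's code. `InResponseToChecker`, `make_response` and the request IDs are hypothetical names and constructed sample data; signature and condition validation are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def make_response(resp_irt=None, scd_irt=None):
    """Build a constructed, unsigned samlp:Response (sample data for the demo)."""
    attr = lambda v: f' InResponseTo="{v}"' if v else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1"{attr(resp_irt)}>'
            '<saml:Assertion ID="_a1"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData{attr(scd_irt)}/>'
            '</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>')

class InResponseToChecker:
    """Tracks AuthnRequest IDs this SP issued and checks responses against them."""

    def __init__(self, allow_unsolicited):
        self.allow_unsolicited = allow_unsolicited
        self._pending = set()

    def issued(self, request_id):
        self._pending.add(request_id)

    def check(self, response_xml):
        # Assumption: the XML was already parsed safely and its signature verified.
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{SAMLP}}}Response":
            return "reject: not a samlp:Response"
        # InResponseTo can appear on the Response and on SubjectConfirmationData.
        values = [root.get("InResponseTo")]
        values += [e.get("InResponseTo")
                   for e in root.iter(f"{{{SAML}}}SubjectConfirmationData")]
        present = {v for v in values if v is not None}
        if not present:
            # No InResponseTo anywhere: this is an unsolicited (IdP-initiated) response.
            if self.allow_unsolicited:
                return "accept: unsolicited"
            return "reject: unsolicited not allowed"
        if len(present) > 1:
            return "reject: inconsistent InResponseTo"
        request_id = present.pop()
        if request_id not in self._pending:
            return "reject: unknown or already used request ID"
        self._pending.discard(request_id)  # each request ID is accepted once
        return "accept: solicited"
```
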