error in UA-NIH federation?

Cantor, Scott cantor.2 at
Thu Nov 8 09:04:19 EST 2012

On 11/7/12 7:28 PM, "David Bantz" <dabantz at> wrote:
>Does this mean we're stuck at SAML 1 for NIH federation?

That's really up to NIH, but I strongly urge you *not* to have them point
at the IdP's Unsolicited SAML 2 SSO endpoint. That flow is *not* meant to
be triggered by SPs because doing so ties them to a non-standard,
proprietary set of parameters. That feature is meant to be used by systems
you control that you want to point to your IdP.

An SP that wants to do SAML 2 needs to generate a standard AuthnRequest
and send that in the normal ways to the IdP.

-- Scott
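
The standard flow the reply above describes, as an added example that is not part of the original post and is not Shibboleth or NIH code: an SP builds a SAML 2.0 `AuthnRequest` and sends it with the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode). The entity ID and URLs are constructed placeholders, and the request is left unsigned for brevity.

```python
import base64
import datetime
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder values (assumptions, not from the original post).
SP_ENTITY_ID = "https://sp.example.org/shibboleth"
ACS_URL = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
IDP_SSO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, now=None):
    """Return a minimal, unsigned SAML 2.0 AuthnRequest as an XML string."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,          # unique per request, NCName-safe
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,            # lets the IdP reject misrouted requests
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": POST_BINDING,       # binding the SP wants for the response
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")

def redirect_url(idp_sso_url, authn_request_xml, relay_state=None):
    """Encode the request for the HTTP-Redirect binding and build the URL."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # -15: raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    sep = "&" if "?" in idp_sso_url else "?"
    return idp_sso_url + sep + urllib.parse.urlencode(params)

def decode_redirect(url):
    """Reverse the encoding, as the receiving IdP would, and parse the XML."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(raw, -15))
```
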
