IDN names for servers

Christopher Bongaarts cab at
Tue Nov 13 11:09:55 EST 2012

On 11/12/2012 3:45 PM, Cantor, Scott wrote:
> On 11/12/12 4:38 PM, "Christopher Bongaarts" <cab at> wrote:
>> I have an SP that is planning to use an internationalized domain name
>> (Cyrillic characters) for their server.  Any special
>> concerns about this?  Do they need an extra set of endpoints for the
>> punycode version of the hostname?  Will either server choke on it?
>> Anyone actually tried it?
> I think some older bugs were found by somebody who tried it, so I suspect
> it mostly works now, but I've never tried it myself.
> All I can say about the endpoints is that you need the endpoints that your
> clients will use. If that includes punycode, then so be it, but there's
> nothing special about it.

I didn't see anything specific about matching rules for Location URLs in 
the SAML2 Metadata and Bindings specs, so I presume that that is left to 
the underlying URI RFCs' equivalence rules.

IIRC the IDNA URI matching rules specify that the URLs match iff the 
punycode versions match.

%%  Christopher A. Bongaarts   %%  cab at          %%
%%  OIT - Identity Management  %%  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%
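
The matching rule discussed in this thread (endpoint URLs are equivalent when their punycode forms are), as an added example that is not part of the original messages or of any SAML implementation. It assumes Python's built-in `idna` codec, which implements IDNA 2003, and uses a constructed hostname and path.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical_endpoint(url: str) -> str:
    """Return the URL with scheme lowercased, host as A-labels (punycode),
    default port removed and fragment dropped, ready for string comparison."""
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError(f"no host in {url!r}")
    if parts.username is not None or parts.password is not None:
        # Userinfo has no place in a metadata Location; refuse rather than guess.
        raise ValueError(f"userinfo not allowed in endpoint {url!r}")
    scheme = parts.scheme.lower()
    # Assumption: the stdlib "idna" codec (IDNA 2003: nameprep + punycode).
    # It raises UnicodeError for empty or over-long labels.
    host = parts.hostname.encode("idna").decode("ascii").lower()
    port = parts.port
    if port is None or port == DEFAULT_PORTS.get(scheme):
        netloc = host
    else:
        netloc = f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path, parts.query, ""))


def endpoints_match(a: str, b: str) -> bool:
    """True when both URLs are identical after canonicalization."""
    return canonical_endpoint(a) == canonical_endpoint(b)


def location_allowed(requested: str, metadata_locations: list[str]) -> bool:
    """Check a requested endpoint against the Locations listed in metadata,
    so one metadata entry covers both the Unicode and punycode spellings."""
    wanted = canonical_endpoint(requested)
    return any(canonical_endpoint(loc) == wanted for loc in metadata_locations)


if __name__ == "__main__":
    # Constructed sample: metadata lists the Unicode form of the host only.
    metadata = ["https://пример.испытание/saml/acs"]
    punycode_form = canonical_endpoint(metadata[0])
    print(punycode_form)
    print(location_allowed(punycode_form, metadata))
    print(location_allowed("https://пример.испытание/saml/other", metadata))
```

A comparison that does not canonicalize this way treats the two spellings as different endpoints, which is the case where a second set of endpoints in metadata would be needed.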
