Returning to original target after NoPassive "error"

Cantor, Scott cantor.2 at
Wed Nov 21 15:50:29 EST 2012

On 11/21/12 3:44 PM, "Christopher Bongaarts" <cab at> wrote:

>If I'm reading this correctly you're saying you can't just say:
><SSO ignoreNoPassive="true">SAML2</SSO>
>you have to build out an old-school SessionInitiator instead.

No, it actually went on the AssertionConsumerService endpoint elements,
and because those elements don't take arbitrary attributes as extensions,
it looked like:

<md:AssertionConsumerService Location="" Binding=""

This was not ideal and I don't know how much I can do about it now, but I
know if nothing else I can make this work in the next patch:

<SSO conf:ignoreNoPassive="true">SAML2</SSO>

I may be able to make it work without the prefix. Could you please file a
bug either way, so I don't forget? I'm spending most of my time on the IdP
at the moment.

-- Scott

More information about the users mailing list