Returning to original target after NoPassive "error"
Cantor, Scott
cantor.2 at osu.edu
Wed Nov 21 15:50:29 EST 2012
On 11/21/12 3:44 PM, "Christopher Bongaarts" <cab at umn.edu> wrote:
>If I'm reading this correctly you're saying you can't just say:
>
><SSO ignoreNoPassive="true">SAML2</SSO>
>
>you have to build out an old-school SessionInitiator instead.
No, it actually went on the AssertionConsumerService endpoint elements,
and because those elements don't take arbitrary attributes as extensions,
it looked like:
<md:AssertionConsumerService Location="" Binding=""
conf:ignoreNoPassive="true"/>
This was not ideal and I don't know how much I can do about it now, but I
know if nothing else I can make this work in the next patch:
<SSO conf:ignoreNoPassive="true">SAML2</SSO>
I may be able to make it work without the prefix. Could you please file a
bug either way, so I don't forget? I'm spending most of my time on the IdP
at the moment.
-- Scott
More information about the users
mailing list