Returning to original target after NoPassive "error"
Christopher Bongaarts
cab at umn.edu
Mon Nov 26 12:08:39 EST 2012
On 11/21/2012 2:50 PM, Cantor, Scott wrote:
> On 11/21/12 3:44 PM, "Christopher Bongaarts" <cab at umn.edu> wrote:
>
>> If I'm reading this correctly you're saying you can't just say:
>>
>> <SSO ignoreNoPassive="true">SAML2</SSO>
>>
>> you have to build out an old-school SessionInitiator instead.
>
> No, it actually went on the AssertionConsumerService endpoint elements,
> and because those elements don't take arbitrary attributes as extensions,
> it looked like:
>
> <md:AssertionConsumerService Location="" Binding=""
> conf:ignoreNoPassive="true"/>
>
> This was not ideal and I don't know how much I can do about it now, but I
> know if nothing else I can make this work in the next patch:
>
> <SSO conf:ignoreNoPassive="true">SAML2</SSO>
>
> I may be able to make it work without the prefix. Could you please file a
> bug either way, so I don't forget? I'm spending most of my time on the IdP
> at the moment.
You betcha: https://issues.shibboleth.net/jira/browse/SSPCPP-527
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list