IdP initiated SSO

Brent Putman putmanb at georgetown.edu
Thu Feb 7 16:42:54 EST 2013


On 2/7/13 4:35 PM, Mike Flynn wrote:
> This is what was sent:
>
> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
>   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>     <saml:SubjectConfirmationData NotOnOrAfter="" Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
>   </saml:SubjectConfirmation>
> </saml:SubjectConfirmation>
>


Well, that's just completely bogus, it's not even legal SAML. It has
bearer SubjectConfirmation wrapped in a holder-of-key one, which I
*think* is schema invalid. And certainly logically doesn't make any sense.

To put it mildly, it sounds like they, um, have some work to do on their
SAML implementation...
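
A structural check that could be run on a Subject like the one quoted above, as an added example that is not part of the original thread and is not Shibboleth's code. It flags a SubjectConfirmation nested inside another (the SAML 2.0 assertion schema allows only an identifier and SubjectConfirmationData as children) and a bearer confirmation whose NotOnOrAfter is not a usable dateTime. The function names, the `saml:Subject` wrapper and the timestamps are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
SC, SCD = NS + "SubjectConfirmation", NS + "SubjectConfirmationData"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
ACS = "https://shib.lynda.com/Shibboleth.sso/SAML2/POST"  # Recipient quoted in the thread
NOW = datetime(2013, 2, 7, 21, 43, tzinfo=timezone.utc)   # constructed clock value

# Helpers that build constructed sample input (hypothetical names).
def confirmation(method, inner):
    return f'<saml:SubjectConfirmation Method="{method}">{inner}</saml:SubjectConfirmation>'
def data(not_on_or_after):
    return f'<saml:SubjectConfirmationData NotOnOrAfter="{not_on_or_after}" Recipient="{ACS}"/>'
def subject(inner):
    return f'<saml:Subject xmlns:saml="{NS[1:-1]}">{inner}</saml:Subject>'

BOGUS = subject(confirmation(HOK, confirmation(BEARER, data(""))))  # shape from the thread
GOOD = subject(confirmation(BEARER, data("2013-02-07T21:47:54Z")))  # constructed

def parse_instant(value):
    """Parse a UTC xs:dateTime; return None if empty, malformed or zone-less."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return parsed if parsed.tzinfo else None

def check_subject(subject_xml, acs_url, now):
    """Structural checks only; signature validation is out of scope here."""
    problems = []
    for sc in ET.fromstring(subject_xml).iter(SC):
        method = sc.get("Method", "")
        if sc.find(SC) is not None:  # direct child of the same element type
            problems.append("nested SubjectConfirmation under " + method)
        if method != BEARER:
            continue
        scd = sc.find(SCD)
        if scd is None:
            problems.append("bearer: no SubjectConfirmationData")
            continue
        if scd.get("Recipient") != acs_url:
            problems.append("bearer: Recipient does not match ACS URL")
        expiry = parse_instant(scd.get("NotOnOrAfter", ""))
        if expiry is None:
            problems.append("bearer: NotOnOrAfter missing or not a dateTime")
        elif now >= expiry:
            problems.append("bearer: confirmation expired")
    return problems
```

Running `check_subject(BOGUS, ACS, NOW)` reports both the nesting and the empty NotOnOrAfter, while `GOOD` passes with no findings.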

