IdP initiated SSO

Brent Putman putmanb at
Thu Feb 7 16:42:54 EST 2013

On 2/7/13 4:35 PM, Mike Flynn wrote:
> This is what was sent:
> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
> <saml:SubjectConfirmationData NotOnOrAfter="" Recipient="
> <>"/>
>       </saml:SubjectConfirmation>
> </saml:SubjectConfirmation>

Well, that's just completely bogus, it's not even legal SAML.   It has
bearer SubjectConfirmation wrapped in a holder-of-key one, which I
*think* is schema invalid.  And certainly logically doesn't make any sense.

To put it mildly, it sounds like they, um, have some work to do on their
SAML implementation...
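
An added example, not part of the original message or of any project's code: a small receiver-side check that flags the nesting quoted above. It relies on two facts from the SAML 2.0 specifications: the core schema permits only an identifier element and `SubjectConfirmationData` inside `SubjectConfirmation`, and the Web Browser SSO profile requires a bearer confirmation to carry `Recipient` and `NotOnOrAfter`. The function name `check_subject`, the ACS URL, and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Only these children are allowed inside <SubjectConfirmation> by the core schema.
ALLOWED = {f"{{{SAML}}}{n}" for n in
           ("BaseID", "NameID", "EncryptedID", "SubjectConfirmationData")}

def check_subject(subject_xml, acs_url, now):
    """Return the list of problems found in a <saml:Subject> (empty if none)."""
    problems = []
    # Samples below are constructed; use a hardened XML parser for untrusted input.
    subject = ET.fromstring(subject_xml)
    for sc in subject.iter(f"{{{SAML}}}SubjectConfirmation"):
        method = sc.get("Method", "")
        short = method.rsplit(":", 1)[-1]
        for child in sc:
            if child.tag not in ALLOWED:
                problems.append(f"{short}: illegal child {child.tag.split('}')[-1]}")
        if method != BEARER:
            continue
        scd = sc.find(f"{{{SAML}}}SubjectConfirmationData")
        if scd is None:
            problems.append("bearer: missing SubjectConfirmationData")
            continue
        if scd.get("Recipient") != acs_url:
            problems.append("bearer: Recipient does not match ACS URL")
        try:
            # Assumption: UTC timestamps without fractional seconds.
            expiry = datetime.strptime(scd.get("NotOnOrAfter") or "",
                                       "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            problems.append("bearer: NotOnOrAfter is not a valid dateTime")
        else:
            if now >= expiry:
                problems.append("bearer: confirmation has expired")
    return problems

ACS = "https://sp.example.org/acs"  # placeholder ACS URL (constructed)
NOW = datetime(2013, 2, 7, 21, 45, tzinfo=timezone.utc)
WRAP = f'<saml:Subject xmlns:saml="{SAML}">%s</saml:Subject>'
GOOD = WRAP % (f'<saml:SubjectConfirmation Method="{BEARER}">'
               f'<saml:SubjectConfirmationData NotOnOrAfter="2013-02-07T21:50:00Z" Recipient="{ACS}"/>'
               '</saml:SubjectConfirmation>')
# Constructed sample with the same nesting as the quoted message.
NESTED = WRAP % ('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">'
                 f'<saml:SubjectConfirmation Method="{BEARER}">'
                 f'<saml:SubjectConfirmationData NotOnOrAfter="" Recipient="{ACS}"/>'
                 '</saml:SubjectConfirmation></saml:SubjectConfirmation>')
```

Calling `check_subject(NESTED, ACS, NOW)` reports both the illegal nested element and the empty `NotOnOrAfter`; a real service provider would run such checks only after schema validation and signature verification.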
