IdP initiated SSO
Brent Putman
putmanb at georgetown.edu
Thu Feb 7 16:45:46 EST 2013
The NotOnOrAfter is an optional attribute, but I'm not sure whether
legally it can be present but empty. Semantically it is pointless to do
that.
But the real problem, as I said in the other message, is that the SAML
strucgture is just flat out wrong.
On 2/7/13 4:42 PM, Mike Flynn wrote:
> Thanks, Marc. I asked them to correct that but was not sure if that
> was the issue based on the message.
>
> ------------------------------------------------------------------------
> *From:* Marc Boorshtein <mboorshtein at gmail.com>
> *To:* Shib Users <users at shibboleth.net>
> *Sent:* Thursday, February 7, 2013 1:38 PM
> *Subject:* Re: IdP initiated SSO
>
> NotOnorAfter is blank...
>
> On Thu, Feb 7, 2013 at 4:35 PM, Mike Flynn <shibbolethlynda at yahoo.com
> <mailto:shibbolethlynda at yahoo.com>> wrote:
> > This is what was sent:
> >
> > <saml:SubjectConfirmation
> > Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
> > <saml:SubjectConfirmation
> > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
> > <saml:SubjectConfirmationData NotOnOrAfter=""
> > Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
> > </saml:SubjectConfirmation>
> > </saml:SubjectConfirmation>
> >
More information about the users
mailing list