targeted-id question

Cantor, Scott cantor.2 at
Mon Feb 18 15:25:37 EST 2013

On Feb 18, 2013, at 2:59 PM, Mike Flynn <shibbolethlynda at> wrote:

> Mine must be older as my ISAPI stanza looks like this:

Yes, so aside from just obviously making sure that not using safe names is, well, safe, you do indeed get the header name as HTTP_TARGETED_ID.

The point is, I would not store/manage them serialized as value at scope, which is simply wrong. The optional decoder that's commented out fixes that difference and can format them as though they were sent correctly, which means you're insulated from the IdP being broken.

-- Scott

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
Url : 

More information about the users mailing list