targeted-id question

Mike Flynn shibbolethlynda at
Mon Feb 18 15:28:45 EST 2013

OK, I will un-comment the rule and comment out the old one I guess.

 From: "Cantor, Scott" <cantor.2 at>
To: Shib Users <users at> 
Sent: Monday, February 18, 2013 12:25 PM
Subject: Re: targeted-id question

On Feb 18, 2013, at 2:59 PM, Mike Flynn <shibbolethlynda at> wrote:

> Mine must be older as my ISAPI stanza looks like this:

Yes, so aside from just obviously making sure that not using safe names is, well, safe, you do indeed get the header name as HTTP_TARGETED_ID.

The point is, I would not store/manage them serialized as value at scope, which is simply wrong. The optional decoder that's commented out fixes that difference and can format them as though they were sent correctly, which means you're insulated from the IdP being broken.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list