SOAP SLO handler: what would it be used for?
kwessel at illinois.edu
Wed Apr 16 13:07:02 EDT 2014
We've decided, since nobody's using it, to get rid of back-channel handler support on our IDP. I encourage others to consider this route.
I'm planning to remove the SAML1 and 2 attribute query and artifact resolution endpoints from published metadata, local metadata, and handler.xml.
Looks like /idp/profile/SAML2/SOAP/SLO also uses back channel communications... and we can turn that off, too. I'm just curious, though, what would be a use case for a SOAP SLO call? Non-interactively terminating a user's session?
I assume that the SOAP SLO call uses a similar security model to artifact resolution and attribute queries and thus should be turned off if we're turning off the others. Is that correct?
And finally, does ECP not use this security model? Looks like we have that running on 443, so I assume it's not using a cert from metadata. Is that right?
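An added example, not part of the original post or of the IdP's own code: one way to confirm that no SOAP-bound attribute query, artifact resolution or SLO endpoints remain in a metadata file after the removal described above. The host name, port, entity ID and sample metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
# SOAP binding URIs from the SAML 1.x and SAML 2.0 specifications.
SOAP_BINDINGS = {
    "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding",
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
}
# Endpoint element types named in the post as candidates for removal.
BACK_CHANNEL_ELEMENTS = ("AttributeService", "ArtifactResolutionService",
                         "SingleLogoutService")

def back_channel_endpoints(metadata_xml):
    """Return (element, binding, location) for each SOAP-bound endpoint found."""
    root = ET.fromstring(metadata_xml)
    found = []
    for name in BACK_CHANNEL_ELEMENTS:
        for el in root.iter(f"{{{MD}}}{name}"):
            binding = el.get("Binding")
            if binding in SOAP_BINDINGS:
                found.append((name, binding, el.get("Location")))
    return found

# Constructed sample metadata (idp.example.org and port 8443 are placeholders).
BASE = "https://idp.example.org:8443/idp/profile"
SAMPLE = f"""
<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.org/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ArtifactResolutionService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="{BASE}/SAML2/SOAP/ArtifactResolution"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="{BASE}/SAML2/SOAP/SLO"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SLO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
  <AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="{BASE}/SAML1/SOAP/AttributeQuery"/>
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="{BASE}/SAML2/SOAP/AttributeQuery"/>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for name, binding, location in back_channel_endpoints(SAMPLE):
        print(f"{name}: {location} ({binding})")
```

An empty result for both the published and the local copy of the metadata means none of these endpoint types is still advertised; the matching entries in handler.xml have to be checked separately.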