SOAP SLO handler: what would it be used for?
morgan at orst.edu
Wed Apr 16 19:03:44 EDT 2014
On Wed, 16 Apr 2014, Cantor, Scott wrote:
> On 4/16/14, 6:33 PM, "Andrew Morgan" <morgan at orst.edu> wrote:
>> Or should I just remove the DefaultRelyingParty entirely so that only
>> enumerated RPs have access? How do I handle InCommon SPs then?
> That wouldn't be typical. You can't limit anything to InCommon in the IdP
> without using deprecated approaches that would not be encouraged.
> We don't design for blocking authentication to anybody you supply metadata
> for, we assume you limit the attributes released afterwards.
> If you need to block authentication, you can filter the metadata to start
> with, or use a custom login handler.
Nope, no need to block authentication or anything. I'll just remove the
unused Profiles from the relying-party.xml and from my metadata.
Thanks for the information everyone!
More information about the users