SOAP SLO handler: what would it be used for?

Andrew Morgan morgan at orst.edu
Wed Apr 16 19:03:44 EDT 2014


On Wed, 16 Apr 2014, Cantor, Scott wrote:

> On 4/16/14, 6:33 PM, "Andrew Morgan" <morgan at orst.edu> wrote:
>
>> Or should I just remove the DefaultRelyingParty entirely so that only
>> enumerated RPs have access?  How do I handle InCommon SPs then?
>
> That wouldn't be typical. You can't limit anything to InCommon in the IdP
> without using deprecated approaches that would not be encouraged.
>
> We don't design for blocking authentication to anybody you supply metadata
> for, we assume you limit the attributes released afterwards.
>
> If you need to block authentication, you can filter the metadata to start
> with, or use a custom login handler.

Nope, no need to block authentication or anything.  I'll just remove the 
unused Profiles from the relying-party.xml and from my metadata.

Thanks for the information everyone!

 	Andy


More information about the users mailing list